Vendor Dictionary: The XMB Group

The XMB Group

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	http://www.xmbforum.com/ [visit link]
Email:	[None Entered]
Security URL:	http://www.xmbforum.com/tracker/ [visit link]
Security Email:	[None Entered]
Knowledge Base:	http://forums.xmbforum.com/ [visit link]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

The XMB Group

The XMB Group

XMB Forum: 1.6; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 55678 XMB User Registration MSN Field XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 14986 XMB Forum stats.php Multiple Parameter XSS; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; OSVDB ID: 4042 XMB member.php member Parameter XSS; OSVDB ID: 4043 XMB u2uadmin.php uid Parameter XSS; OSVDB ID: 4047 XMB misc.php desc Parameter SQL Injection; OSVDB ID: 4046 XMB viewthread.php ppp Parameter SQL Injection; OSVDB ID: 4045 XMB BBcode align Tag XSS; OSVDB ID: 4044 XMB editprofile.php user Parameter XSS; OSVDB ID: 8874 XMB BBCode IMG Tag XSS; OSVDB ID: 4041 XMB header.php Encoded Request XSS Filter Bypass; 1.8 Final; 1.8 Service Pack 1; 1.8 ServicePack 2; 1.8 beta; 1.6; 1.8 Final; 1.8 Service Pack 1; 1.8 beta; 1.6; 1.8 Final; 1.8 Service Pack 1; 1.8 ServicePack 2; 1.8 beta; 1.8 SP2; 1.8 SP2; 1.8-SP3 (Partaguim); OSVDB ID: 14983 XMB Forum xmb.php xmbuser Parameter XSS; OSVDB ID: 14988 XMB Forum forumdisplay.php Multiple Parameter XSS; OSVDB ID: 14986 XMB Forum stats.php Multiple Parameter XSS; OSVDB ID: 14985 XMB Forum u2u.php folder Parameter XSS; OSVDB ID: 14982 XMB Forum phpinfo.php XSS; 1.9-Beta (Nexus); OSVDB ID: 14989 XMB Forum member.php restrict Parameter XSS; OSVDB ID: 14991 XMB Forum today.php restrict Parameter XSS; OSVDB ID: 16884 XMB Forum misc.php restrict Parameter XSS; OSVDB ID: 14983 XMB Forum xmb.php xmbuser Parameter XSS; OSVDB ID: 16885 XMB Forum misc.php restrict Parameter SQL Injection; OSVDB ID: 14990 XMB Forum member.php restrict Parameter SQL Injection; OSVDB ID: 4643 XMB Forum phpinfo.php Information Disclosure; OSVDB ID: 14984 XMB Forum editprofile.php u2uheader Parameter XSS; OSVDB ID: 16886 XMB Forum today.php restrict Parameter SQL Injection; OSVDB ID: 14982 XMB Forum phpinfo.php XSS; 1.9.3; 1.9.3; 1.9.11.11; 1.8 SP2; OSVDB ID: 4048 XMB forumdisplay.php Multiple Parameter SQL Injection; OSVDB ID: 4042 XMB member.php member Parameter XSS; OSVDB ID: 4043 XMB u2uadmin.php uid Parameter XSS; OSVDB ID: 4049 XMB stats.php addon Parameter SQL Injection; OSVDB ID: 4046 XMB viewthread.php ppp Parameter SQL Injection; OSVDB ID: 4045 XMB BBcode align Tag XSS; OSVDB ID: 4044 XMB editprofile.php user Parameter XSS; OSVDB ID: 4041 XMB header.php Encoded Request XSS Filter Bypass; 1.6; 1.8 SP1; OSVDB ID: 4042 XMB member.php member Parameter XSS; OSVDB ID: 4043 XMB u2uadmin.php uid Parameter XSS; OSVDB ID: 4046 XMB viewthread.php ppp Parameter SQL Injection; OSVDB ID: 4045 XMB BBcode align Tag XSS; OSVDB ID: 4044 XMB editprofile.php user Parameter XSS; OSVDB ID: 4041 XMB header.php Encoded Request XSS Filter Bypass; 1.8 SP2; 1.6; 1.8; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 2191 XMB Forum member.php member Parameter XSS; OSVDB ID: 23073 XMB Forum buddy.php action Parameter XSS; OSVDB ID: 53633 XMB member.php Multiple Parameter SQL Injection; OSVDB ID: 55678 XMB User Registration MSN Field XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 14988 XMB Forum forumdisplay.php Multiple Parameter XSS; OSVDB ID: 14986 XMB Forum stats.php Multiple Parameter XSS; OSVDB ID: 14985 XMB Forum u2u.php folder Parameter XSS; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; OSVDB ID: 4048 XMB forumdisplay.php Multiple Parameter SQL Injection; OSVDB ID: 4042 XMB member.php member Parameter XSS; OSVDB ID: 4043 XMB u2uadmin.php uid Parameter XSS; OSVDB ID: 4046 XMB viewthread.php ppp Parameter SQL Injection; OSVDB ID: 4045 XMB BBcode align Tag XSS; OSVDB ID: 4044 XMB editprofile.php user Parameter XSS; OSVDB ID: 4041 XMB header.php Encoded Request XSS Filter Bypass; 1.8; 1.6; 1.8 SP1; 1.6; 1.8 SP1; 1.8 SP2; 1.8; 1.8; 1.8 SP1; 1.8 SP2; 1.8 SP2; 1.9.3; OSVDB ID: 20941 XMB member.php Your Current Mood Field XSS; OSVDB ID: 23117 XMB Forums today.php Cookie Data SQL Injection; OSVDB ID: 23118 XMB Forums u2u.inc.php Multiple Function SQL Injection; OSVDB ID: 20511 XMB u2u.php username Parameter XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; 1.0; OSVDB ID: 27920 XMB IMG Element SRC Attribute XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 14988 XMB Forum forumdisplay.php Multiple Parameter XSS; OSVDB ID: 4048 XMB forumdisplay.php Multiple Parameter SQL Injection; 1.9.5; OSVDB ID: 24631 XMB Forum .swf Actionscript Execution; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 27720 XMB u2u.inc.php u2u_send_recp function Function SQL Injection; OSVDB ID: 29344 XMB memcp.php langfilenew Parameter Traversal Local File Inclusion; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; 1.8; OSVDB ID: 4047 XMB misc.php desc Parameter SQL Injection; 1.8 SP1; OSVDB ID: 4047 XMB misc.php desc Parameter SQL Injection; 1.8 SP2; OSVDB ID: 4047 XMB misc.php desc Parameter SQL Injection; 1.9.8 SP1; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; 1.9.1; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 18660 XMB Forum u2u.inc.php in Parameter SQL Injection; OSVDB ID: 18659 XMB Forum xmb.php Server Set Variable Overwrite; OSVDB ID: 14993 XMB Profile Mood Variables XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; 1.9.8 SP2; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 33567 XMB U2U Instant Messenger memcp.php recipient Field XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; 1.5; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 55678 XMB User Registration MSN Field XSS; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; OSVDB ID: 14988 XMB Forum forumdisplay.php Multiple Parameter XSS; OSVDB ID: 14985 XMB Forum u2u.php folder Parameter XSS; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; OSVDB ID: 4048 XMB forumdisplay.php Multiple Parameter SQL Injection; 1.9.11; OSVDB ID: 71405 XMB Multiple Admin Function CSRF; OSVDB ID: 66388 XMB Admin Password Manipulation CSRF; 1.8 Partagium; 1.9.11.11; 1.9.2; OSVDB ID: 20942 XMB post.php fid Variable Path Disclosure; 1.9.9; OSVDB ID: 14987 XMB Forum post.php Multiple Parameter XSS; 1.6; OSVDB ID: 86917 XMB Forum index.php analized Parameter Unauthenticated Remote Log File Access; 1.6; OSVDB ID: 86918 XMB Forum member.php Multiple Parameter XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.