GBBS Pro contains a flaw that may allow an authenticated user to gain elevated privilges. The issue occurs when a user launches the built in editor and holds down the TAB key, or presses the space bar followed by a CTRL-C. Either set of key sequences will force the editor to abort and leave the user with increased privileges.
Proving Grounds BBS contains a flaw that may allow a remote attacker to gain SYSOP access. The issue occurs when an attacker connects to the system and provides a crafted login sequence. Due to an error in processing input to the login fields, the system will allow a user that has not provided SYSOP authentication to gain access to the SYSOP menu with equivalent privileges.
GBBS Pro BBS contains a flaw that may allow a user to gain SYSOP privileges. The issue occurs when an unprivileged user reads the userlist and forces a disconnect when it displays the SYSOP. If the user calls back immediately and logs on, they may gain full SYSOP privileges.
By default, Major BBS installs with two default accounts. The "sysop" account has a password of "sysop" and the "test" account has a password of "test", both of which are publicly known and documented. This allows attackers to trivially access the program or system.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.