forum software security & vulnerabilities
#1
Title: Lurker | Join Date: Jun 2008 | Posts: 1

Hi all,

Can anyone help me make sense of this...

I was researching forum software, and came across this website: National Vulnerability Database

Does anyone know what all this stuff below means, are these things that I should be concerned about? Almost every forum software is listed with numerous issues. Below are a few examples and just the first entry listed under each software.

I'm new to all this, so my apologies if this was previously explored.

Also, does anyone know which software is "known" to be the most secure... which is the absolute worst?

Any information is greatly appreciated.

Mardi Gras Hugs to all!

VBulletin 1st entry:

Overview
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.

References to Advisories, Solutions, and Tools
External Source: XF (disclaimer)
Name: cauposhopclassic-saarticleid-sql-injection(43200)
Hyperlink: ISS X-Force Database: cauposhopclassic-saarticleid-sql-injection(43200): CaupoShop Classic saArticle[ID] SQL injection

PHPbb

Original release date: 5/28/2008
Last revised: 5/28/2008
Source: US-CERT/NIST

Overview
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation, Allows unauthorized disclosure of information, Allows disruption of service

IPB

Original release date: 3/17/2008
Last revised: 3/18/2008
Source: US-CERT/NIST

Overview
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Access Vector: Network exploitable, Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification

#2
Title: Member | Join Date: Apr 2006 | Posts: 70 | Location: Cincinnati, Ohio

SQL injection - Wikipedia, the free encyclopedia
Remote file inclusion - Wikipedia, the free encyclopedia
Cross-site scripting - Wikipedia, the free encyclopedia

__________________
The Oldiesmann
SMF Project Manager
SMF+Gallery2 Integration Project - Beta3.1 now available!
| |
![]() |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Unwritten Rules of Forums | Ryan | Handling Problem Members | 3 | 08-17-2008 02:17 AM |
| Top ten ways to make your forum community stand out. | CompletevB | Planning and Brainstorming | 16 | 08-13-2007 02:02 AM |
| Why most forums fail within first year of their existence | bcmtouring | Forums General | 13 | 05-14-2007 06:40 PM |
| Starting a new forum, which software? | rockinaway | Software | 16 | 11-01-2006 09:01 PM |
| Introduction to Forum Promotion | htmlmaster | Creating Interest | 3 | 06-12-2006 04:53 PM |
