Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2230 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter. | |||||
CVE-2008-0787 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. | |||||
CVE-2007-1963 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. | |||||
CVE-2006-4971 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 5.0 MEDIUM | N/A |
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | |||||
CVE-2008-0382 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | |||||
CVE-2007-1964 | 2 Mybb, Mybulletinboard | 2 Mybb, Mybulletinboard | 2024-02-28 | 6.0 MEDIUM | N/A |
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. | |||||
CVE-2006-4972 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | |||||
CVE-2007-2211 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | |||||
CVE-2006-1065 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. | |||||
CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. | |||||
CVE-2006-0639 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. | |||||
CVE-2005-3776 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. | |||||
CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | |||||
CVE-2006-1345 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 5.0 MEDIUM | N/A |
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. | |||||
CVE-2006-0364 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". | |||||
CVE-2006-1282 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. | |||||
CVE-2006-0770 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | |||||
CVE-2006-2908 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 7.5 HIGH | N/A |
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | |||||
CVE-2006-0495 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable). |