CVE-2008-4930

MyBB aka MyBulletinBoard 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing....

Cross site scripting

Cross-site scripting XSS vulnerability in the redirect function in functions.php in MyBB aka MyBulletinBoard 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a...