10 matches found
CVE-2016-9403
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check...
CVE-2016-9403
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check...
Design/Logic Flaw
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check...
VBulletin 3.0.1 newreply.php WYSIWYG_HTML Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10602/info VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts. An attacker may exploit this issue by including hostile HTML and script code in...
CVE-2010-4522
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php...
CVE-2010-4522
MyBB versions 1.4.14 and 1.6.x before 1.6.1 contain multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script/HTML via editpost.php, member.php, and newreply.php. Root cause is improper input handling in those endpoints leading to stored/reflected input being executed in...
XSS in vBulletin 3.x
Hello, vuln. The posthash and poststarttime parameters in the newreply.php and newthread.php scripts are not filtered in the POST request; this applies to version 3.0.9. For 3.5.4, only the posthash parameter is vulnerable, and only in the newthread.php script. As a result, an XSS attack is possible. EXAMPLE: POST /forum/newthread.php...
MyBBPR2.txt
Hello .. The Injected File : misc.php , newreply.php Discovered by: Devil-00 Injected Versions :- MyBB Preview Release 2 misc.php :- CODE http://site/misc.php?action=rules&fid=-1' SQL /CODE newreply.php :- CODE Do Preview By FireFox And Edit Header ; Content-Disposition: form-data; name="icon"\r\...
CVE-2005-1833
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to...
vBulletin 3.0.1 - newreply.php?WYSIWYG_HTML Cross-Site Scripting
vBulletin 3.0.1 - newreply.php?WYSIWYG_HTML Cross-Site Scripting source: https://www.securityfocus.com/bid/10602/info VBulletin is reported prone to an HTML injection vulnerability. This issue affects the 'newreply.php' and 'newthread.php' scripts. An attacker may exploit this issue by including...