26 matches found
CVE-2006-1345
polls.php in MyBB aka MyBulletinBoard 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option=null" parameter value, which reveals the path in an error message...
CVE-2006-1345
CVE-2006-1345 affects MyBB (MyBulletinBoard) 1.10 in polls.php. A vote action using option[]=null can trigger an error message that exposes the server path, enabling information disclosure. The vulnerability is described as a remote information exposure due to an error response, with affected pro...
MyBB 1.10 Full Path Disclosure
D3vil-0x1 | Devil-00 New MyBB bug that will giv you the ' Full Path Disclosure ' at vic. server MyBB 1.10 .. New Bugs 1- Full Path Disclosure = mybb/polls.php?action=vote&pid=PID&option=null - Where PID Poll ID...
CVE-2005-2580
CVE-2005-2580 affects MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch. The vulnerability stems from improper sanitization of user input, enabling SQL injection via the Username field in index.php or member.php, via the action parameter in search.php or member.php, or via the polloptions param...
CVE-2005-2580
Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in 1 index.php or 2 member.php, action parameter to 3 search.php or 4 member.php, or 5 polloptions parameter to polls.php...
CVE-2005-2580
Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in 1 index.php or 2 member.php, action parameter to 3 search.php or 4 member.php, or 5 polloptions parameter to polls.php...