MyBulletinBoard (MyBB) 1.x - usercp.php Directory Traversal
source: https://www.securityfocus.com/bid/19195/info MyBulletinBoard is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrar...
CVE-2006-3243
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter...
CVE-2006-3243
The CVE-2006-3243 issue affects MyBB (MyBulletinBoard) versions 1.0 through 1.1.3, where a SQL injection vulnerability exists in usercp.php via the showcodebuttons parameter. The underlying root cause is an injectable parameter that allows remote execution of arbitrary SQL commands. Impact detail...
MyBulletinBoard (MyBB) 1.0.x/1.1.x - 'usercp.php' SQL Injection
source: https://www.securityfocus.com/bid/18602/info MyBulletinBoard is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise t...
SQL injection
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php...
CVE-2006-2333
CVE-2006-2333 concerns MyBB 1.1.1 where multiple SQL injection flaws allow remote attackers to run arbitrary SQL through the email address during registration for a mail-verified forum, due to improper handling in (1) usercp.php and (2) member.php. The vulnerability permits injected SQL commands ...
SQL injection
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in...
CVE-2006-1288
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in...
MyBB 1.0.1/1.0.2 Notepad - 'usercp.php' HTML Injection
source: https://www.securityfocus.com/bid/16361/info MyBB is prone to an HTML-injection vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the contex...
CVE-2006-0219
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functionsupload.php...
MyBB 1.0.2 SQL injection in usercp.php
This is a bug report for MyBB 1.0.2 (latest version). Bug found by imei. There is a security bug in usercp.php line 830 that allows SQL injection and can result in full access to the admin CP. The bug is a result of poor checking of the $mybb->input['threadmode'] value against all other values in the usercp.php file...
CVE-2005-4612
VULNERABILITY SUMMARY (CVE-2005-4612) : The affected software is VUBB alpha rc1. It contains multiple SQL injection vulnerabilities in three entry points: viewforum.php (parameter f), viewtopic.php (parameter t), and usercp.php (parameter view). The underlying issue is improper handling of user-s...
CVE-2005-4642
Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php...
CVE-2005-4199
MyBB prior to 1.0 is affected by multiple SQL injection vulnerabilities. The public details identify concrete vectors, notably the month parameter in calendar.php (SQLi), and additional parameters in usercp.php, member.php, and showthread/ratethread.php. This is a documented remote, unauthenticat...
CVE-2005-3326
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter...
CVE-2005-3326
The CVE-2005-3326 entry concerns MyBulletinBoard (MyBB) where SQL injection is possible in usercp.php via the awayday parameter, enabling remote SQL commands. Affected software: MyBB/MyBulletinBoard; vulnerable component: usercp.php (likely parameter handling). Underlying cause: unvalidated input...
CVE-2005-1811
Technical details for CVE-2005-1811 are not publicly available in the provided documents. Monitor for updates.