MyBB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13827/info MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to...

CVE-2010-4627

Cross-site request forgery CSRF vulnerability in usercp2.php in MyBB aka MyBulletinBoard before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in usercp2.php in MyBB aka MyBulletinBoard before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVE-2010-4627

Cross-site request forgery CSRF vulnerability in usercp2.php in MyBB aka MyBulletinBoard before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVE-2010-4627

The CVE-2010-4627 issue affects MyBB (MyBulletinBoard) prior to 1.4.12, where a CSRF in usercp2.php could allow remote attackers to hijack user authentication via unknown vectors. Documented impact is authenticated session hijack; no concrete exploit details are provided in the sources. Acknowled...

CVE-2008-3966

Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via 1 a certain referrer field in usercp2.php, 2 a certain location field in inc/functionsonline.php, and certain 3 tsubject and 4 psubject fiel...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via 1 a certain referrer field in usercp2.php, 2 a certain location field in inc/functionsonline.php, and certain 3 tsubject and 4 psubject fiel...

CVE-2006-0495

Cross-site scripting XSS vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB aka MyBulletinBoard 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header $url variable...

MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )

Invalid characters removed from From: [email protected], |@securityfocus.com, MyBB 1.02 usercp2.php XSS ------------------------------ Devil-00 D3vil-0x1 - Attacking MyBB : [email protected] ----------------------------- File :- usercp2.php Var :- $url Line's :- - 39 - 58 - 84 - 108 - 130 - 149 - 1...

CVE-2005-1833

Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the 1 eid parameter to calendar.php, 2 idsql parameter to online.php, 3 usersearch parameter to memberlist.php, 4 pid parameter to editpost.php, 5 fid parameter to...