9 matches found
CVE-2010-4627
Cross-site request forgery CSRF vulnerability in usercp2.php in MyBB aka MyBulletinBoard before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in usercp2.php in MyBB aka MyBulletinBoard before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2010-4627
Cross-site request forgery CSRF vulnerability in usercp2.php in MyBB aka MyBulletinBoard before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2010-4627
The CVE-2010-4627 issue affects MyBB (MyBulletinBoard) prior to 1.4.12, where a CSRF in usercp2.php could allow remote attackers to hijack user authentication via unknown vectors. Documented impact is authenticated session hijack; no concrete exploit details are provided in the sources. Acknowled...
CVE-2008-3966
Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via 1 a certain referrer field in usercp2.php, 2 a certain location field in inc/functionsonline.php, and certain 3 tsubject and 4 psubject fiel...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via 1 a certain referrer field in usercp2.php, 2 a certain location field in inc/functionsonline.php, and certain 3 tsubject and 4 psubject fiel...
CVE-2006-0495
Cross-site scripting XSS vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB aka MyBulletinBoard 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header $url variable...
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )
Invalid characters removed from From: [email protected], |@securityfocus.com, MyBB 1.02 usercp2.php XSS ------------------------------ Devil-00 D3vil-0x1 - Attacking MyBB : [email protected] ----------------------------- File :- usercp2.php Var :- $url Line's :- - 39 - 58 - 84 - 108 - 130 - 149 - 1...
CVE-2005-1833
Multiple SQL injection vulnerabilities in MyBulletinBoard MyBB 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the 1 eid parameter to calendar.php, 2 idsql parameter to online.php, 3 usersearch parameter to memberlist.php, 4 pid parameter to editpost.php, 5 fid parameter to...