Lucene search

Mybulletinboard

12 matches found

CVE
added 2006/03/07 10:6 p.m. | 54 views

CVE-2006-1065

SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.

CVSS 5 | AI score 8.4 | EPSS 0.00373

CVE
added 2006/04/20 6:6 p.m. | 47 views

CVE-2006-1912

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL i...

CVSS 5.8 | AI score 6.8 | EPSS 0.00898

CVE
added 2006/03/22 1:2 a.m. | 44 views

CVE-2006-1345

polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.

CVSS 5 | AI score 6.1 | EPSS 0.00507

CVE
added 2006/09/25 1:7 a.m. | 43 views

CVE-2006-4972

Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.

CVSS 5.1 | AI score 5.9 | EPSS 0.00841

CVE
added 2006/08/01 9:4 p.m. | 42 views

CVE-2006-3954

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

CVSS 5 | AI score 7.1 | EPSS 0.0022

CVE
added 2006/04/11 11:2 p.m. | 40 views

CVE-2006-1716

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from th...

CVSS 5.1 | AI score 5.5 | EPSS 0.01631

CVE
added 2006/01/25 2:3 a.m. | 38 views

CVE-2006-0406

search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.

CVSS 5 | AI score 6.6 | EPSS 0.00477

CVE
added 2005/11/23 1:3 a.m. | 36 views

CVE-2005-3777

MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.

CVSS 5 | AI score 7.1 | EPSS 0.0038

CVE
added 2006/04/11 11:2 p.m. | 36 views

CVE-2006-1717

Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.

CVSS 5.1 | AI score 5.7 | EPSS 0.00874

CVE
added 2006/09/25 1:7 a.m. | 35 views

CVE-2006-4971

MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.

CVSS 5 | AI score 6.5 | EPSS 0.00376

CVE
added 2006/08/30 1:4 a.m. | 31 views

CVE-2006-4449

Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.

CVSS 5.1 | AI score 6 | EPSS 0.06539

CVE
added 2006/07/21 2:3 p.m. | 27 views

CVE-2006-3759

Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4 has unspecified impact and attack vectors related to "user group manipulation."

CVSS 5 | AI score 6.8 | EPSS 0.00437