Filtered by vendor Mybulletinboard
Subscriptions
Filtered by product Mybulletinboard
Subscriptions
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2589 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. | ||||
| CVE-2006-3758 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. | ||||
| CVE-2006-3775 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | ||||
| CVE-2006-3953 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | ||||
| CVE-2006-3954 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. | ||||
| CVE-2006-4707 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). | ||||
| CVE-2006-4971 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | ||||
| CVE-2006-4972 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | ||||
| CVE-2006-1974 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. | ||||
| CVE-2005-1811 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile. | ||||
| CVE-2005-1832 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php. | ||||
| CVE-2006-0364 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". | ||||
| CVE-2006-0406 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | ||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | ||||
| CVE-2005-2697 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282. | ||||
| CVE-2006-0494 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter. | ||||
| CVE-2005-4200 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. | ||||
| CVE-2006-0523 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. | ||||
| CVE-2006-0770 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-3326 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. | ||||