Vulnerabilities > Mybb > Mybb > 1.2.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-30 | CVE-2010-4628 | Unspecified vulnerability in Mybb: member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. | 5.0 |
2010-12-30 | CVE-2010-4627 | Cross-Site Request Forgery (CSRF) vulnerability in Mybb: Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2010-12-30 | CVE-2010-4626 | Cryptographic Issues vulnerability in Mybb: The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | 5.1 |
2010-12-30 | CVE-2010-4625 | Information Exposure vulnerability in Mybb: MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | 5.0 |
2010-12-30 | CVE-2010-4624 | Permissions, Privileges, and Access Controls vulnerability in Mybb: MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | 3.5 |
2008-09-11 | CVE-2008-3967 | Permissions, Privileges, and Access Controls vulnerability in Mybb: moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | 7.5 |
2008-09-11 | CVE-2008-3966 | Cross-Site Scripting vulnerability in Mybb: Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | 4.3 |
2008-09-11 | CVE-2008-3965 | SQL Injection vulnerability in Mybb: SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | 7.5 |
2008-07-27 | CVE-2008-3334 | Cross-Site Scripting vulnerability in Mybb: Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | 4.3 |
2008-07-08 | CVE-2008-3071 | Path Traversal vulnerability in Mybb: Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | 7.5 |