Vulnerabilities > Mybb > Mybb > 1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-30 | CVE-2010-4626 | Cryptographic Issues vulnerability in Mybb The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. | 5.1 |
2010-12-30 | CVE-2010-4625 | Information Exposure vulnerability in Mybb MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. | 5.0 |
2010-12-30 | CVE-2010-4624 | Permissions, Privileges, and Access Controls vulnerability in Mybb MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | 3.5 |
2008-09-11 | CVE-2008-3967 | Permissions, Privileges, and Access Controls vulnerability in Mybb moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. | 7.5 |
2008-09-11 | CVE-2008-3966 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. | 4.3 |
2008-09-11 | CVE-2008-3965 | SQL Injection vulnerability in Mybb SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. | 7.5 |
2008-07-27 | CVE-2008-3334 | Cross-Site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | 4.3 |
2008-07-08 | CVE-2008-3071 | Path Traversal vulnerability in Mybb Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | 7.5 |
2008-07-08 | CVE-2008-3070 | SQL-Injection vulnerability in MyBB Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | 7.5 |
2008-07-08 | CVE-2008-3069 | Cross-Site Scripting vulnerability in Mybb Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. | 4.3 |