MyBB Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2007-04-11 CVE-2007-1964 Denial-Of-Service vulnerability in MyBulletinBoard
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
6.0
2007-04-11 CVE-2007-1963 SQL-Injection vulnerability in MyBB
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
network
low complexity
mybb mybulletinboard
7.5
2007-04-10 CVE-2007-1906 Local File Include vulnerability in eCardMAX HotEditor
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a ..
network
ecardmax-com mybb
6.8
2007-01-31 CVE-2007-0622 Cross-Site Request Forgery vulnerability in Mybb 1.2.2
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users.
network
low complexity
mybb
5.0
2007-01-29 CVE-2007-0544 HTML Injection vulnerability in Mybb 1.2.3
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
network
mybb
6.0
2006-04-27 CVE-2006-2070 Cross-Site Scripting vulnerability in Mybb Devbb 1.0.0
Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.
network
mybb
4.3
2006-01-26 CVE-2006-0442 Cross-Site Scripting vulnerability in Mybb 1.0.2
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action.
network
mybb CWE-79
4.3
2006-01-16 CVE-2006-0218 SQL-Injection vulnerability in MyBB
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection.
network
low complexity
mybb
critical
10.0
2005-12-13 CVE-2005-4199 SQL Injection vulnerability in Mybb 1.0
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
network
low complexity
mybb CWE-89
7.5