Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.0.pr2

DATE CVE VULNERABILITY TITLE RISK
2008-02-15 CVE-2008-0787 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
network
low complexity
mybulletinboard CWE-89
6.5
6.5
2008-01-22 CVE-2008-0382 Code Injection vulnerability in Mybulletinboard
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
network
low complexity
mybulletinboard CWE-94
7.5
7.5
2006-08-01 CVE-2006-3954 Directory Traversal vulnerability in MyBulletinBoard
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a ..
network
low complexity
mybulletinboard
5.0
5.0
2006-08-01 CVE-2006-3953 Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
network
mybulletinboard
4.3
4.3
2006-07-21 CVE-2006-3761 Cross-Site Scripting vulnerability in Mybulletinboard
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". 		4.3
4.3
2006-06-27 CVE-2006-3243 SQL-Injection vulnerability in MyBulletinBoard
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
network
low complexity
mybulletinboard
7.5
7.5
2006-04-21 CVE-2006-1974 SQL Injection vulnerability in MyBB Index.PHP Referrer Cookie
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.
network
low complexity
mybulletinboard
7.5
7.5
2006-03-19 CVE-2006-1282 Input Validation vulnerability in MyBB
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
network
mybulletinboard
4.3
4.3
2006-03-19 CVE-2006-1281 Input Validation vulnerability in MyBB
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272.
network
mybulletinboard
3.5
3.5
2006-02-18 CVE-2006-0770 Cross-Site Scripting vulnerability in MyBulletinBoard
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details".
network
high complexity
mybulletinboard
2.6
2.6