Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.0.rc2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-25 | CVE-2006-4972 | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | 5.1 |
2006-09-25 | CVE-2006-4971 | Information Disclosure vulnerability in MyBulletinBoard MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | 5.0 |
2006-08-01 | CVE-2006-3954 | Directory Traversal vulnerability in MyBulletinBoard Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-08-01 | CVE-2006-3953 | Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. network mybulletinboard | 4.3 |
2006-07-21 | CVE-2006-3761 | Cross-Site Scripting vulnerability in Mybulletinboard Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | 4.3 |
2006-06-27 | CVE-2006-3243 | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | 7.5 |
2006-04-21 | CVE-2006-1974 | SQL Injection vulnerability in MyBB Index.PHP Referrer Cookie SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. | 7.5 |
2006-02-18 | CVE-2006-0770 | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". | 2.6 |
2006-02-02 | CVE-2006-0523 | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. | 7.5 |
2006-01-31 | CVE-2006-0470 | Cross-Site Scripting vulnerability in MyBB Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. network mybulletinboard | 4.3 |