Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.0.rc4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-01 | CVE-2006-3954 | Directory Traversal vulnerability in MyBulletinBoard Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-08-01 | CVE-2006-3953 | Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. network mybulletinboard | 4.3 |
2006-07-21 | CVE-2006-3761 | Cross-Site Scripting vulnerability in Mybulletinboard Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | 4.3 |
2006-06-27 | CVE-2006-3243 | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | 7.5 |
2006-04-21 | CVE-2006-1974 | SQL Injection vulnerability in MyBB Index.PHP Referrer Cookie SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. | 7.5 |
2006-02-18 | CVE-2006-0770 | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". | 2.6 |
2006-02-02 | CVE-2006-0523 | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. | 7.5 |
2006-01-31 | CVE-2006-0470 | Cross-Site Scripting vulnerability in MyBB Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. network mybulletinboard | 4.3 |
2006-01-22 | CVE-2006-0364 | Cross-Site Scripting vulnerability in Mybulletinboard Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". | 4.3 |
2005-12-31 | CVE-2005-4603 | HTML Injection vulnerability in MyBB Print Thread Script Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. network mybulletinboard | 4.3 |