Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-01 | CVE-2006-3954 | Directory Traversal vulnerability in MyBulletinBoard Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-08-01 | CVE-2006-3953 | Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. network mybulletinboard | 4.3 |
| 2006-07-21 | CVE-2006-3761 | Cross-Site Scripting vulnerability in Mybulletinboard Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | 4.3 |
| 2006-06-27 | CVE-2006-3243 | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | 7.5 |
| 2006-03-07 | CVE-2006-1065 | SQL-Injection vulnerability in Mybulletinboard 1.04 SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. | 5.0 |