Vulnerabilities > Mybulletinboard > Mybulletinboard > 1.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-15 | CVE-2008-0787 | SQL Injection vulnerability in Mybulletinboard SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. | 6.5 |
2008-01-22 | CVE-2008-0382 | Code Injection vulnerability in Mybulletinboard Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | 7.5 |
2006-09-25 | CVE-2006-4972 | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | 5.1 |
2006-09-25 | CVE-2006-4971 | Information Disclosure vulnerability in MyBulletinBoard MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | 5.0 |
2006-08-01 | CVE-2006-3954 | Directory Traversal vulnerability in MyBulletinBoard Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-08-01 | CVE-2006-3953 | Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. network mybulletinboard | 4.3 |
2006-04-20 | CVE-2006-1912 | Cross-Site Scripting vulnerability in Mybulletinboard 1.10 MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. network mybulletinboard | 5.8 |
2006-04-11 | CVE-2006-1717 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. | 5.1 |
2006-04-11 | CVE-2006-1716 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. | 5.1 |
2006-04-05 | CVE-2006-1625 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. network mybulletinboard | 6.8 |