Vulnerabilities > Mybulletinboard > Mybulletinboard
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-30 | CVE-2006-4449 | HTML Injection vulnerability in Mybulletinboard 1.1.7 Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer. | 5.1 |
2006-08-01 | CVE-2006-3954 | Directory Traversal vulnerability in MyBulletinBoard Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-08-01 | CVE-2006-3953 | Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. network mybulletinboard | 4.3 |
2006-07-24 | CVE-2006-3775 | SQL Injection vulnerability in Mybulletinboard 1.1.5 SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | 7.5 |
2006-07-21 | CVE-2006-3761 | Cross-Site Scripting vulnerability in Mybulletinboard Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". | 4.3 |
2006-07-21 | CVE-2006-3760 | SQL-Injection vulnerability in Mybulletinboard 1.1.4 Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-07-21 | CVE-2006-3759 | Remote Security vulnerability in Mybulletinboard 1.1.4 Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation." This vulnerability is addressed in the following product release: MyBB, MyBB, 1.1.5 | 5.0 |
2006-07-21 | CVE-2006-3758 | SQL-Injection vulnerability in Mybulletinboard 1.1.4 inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. | 7.5 |
2006-07-07 | CVE-2006-3420 | Cross-Site Request Forgery vulnerability in MyBulletinBoard Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. | 7.5 |
2006-06-27 | CVE-2006-3243 | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | 7.5 |