Vulnerabilities > Mybulletinboard > Mybulletinboard > rc1

DATE CVE VULNERABILITY TITLE RISK
2008-02-15 CVE-2008-0787 SQL Injection vulnerability in Mybulletinboard
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
network
low complexity
mybulletinboard CWE-89
6.5
2006-03-19 CVE-2006-1282 Input Validation vulnerability in MyBB
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
network
mybulletinboard
4.3
2006-03-19 CVE-2006-1281 Input Validation vulnerability in MyBB
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272.
network
mybulletinboard
3.5
2005-12-31 CVE-2005-4603 HTML Injection vulnerability in MyBB Print Thread Script
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.
network
mybulletinboard
4.3
2005-12-31 CVE-2005-4602 SQL Injection vulnerability in MyBB File Upload
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
network
low complexity
mybulletinboard
7.5
2005-12-13 CVE-2005-4200 SQL Injection vulnerability in MyBB
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
network
low complexity
mybulletinboard
critical
10.0
2005-09-02 CVE-2005-2778 SQL Injection vulnerability in MyBB Member.PHP
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter.
network
low complexity
mybulletinboard
7.5