Vulnerabilities > Mybulletinboard

DATE CVE VULNERABILITY TITLE RISK
2006-04-11 CVE-2006-1716 HTML Injection vulnerability in Mybulletinboard 1.10
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
network
high complexity
mybulletinboard
5.1
2006-04-05 CVE-2006-1625 HTML Injection vulnerability in Mybulletinboard 1.10
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
network
mybulletinboard
6.8
2006-03-22 CVE-2006-1345 Information Disclosure vulnerability in Mybulletinboard 1.10
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.
network
low complexity
mybulletinboard
5.0
2006-03-19 CVE-2006-1282 Input Validation vulnerability in MyBB
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
network
mybulletinboard
4.3
2006-03-19 CVE-2006-1281 Input Validation vulnerability in MyBB
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272.
network
mybulletinboard
3.5
2006-03-19 CVE-2006-1272 Input Validation vulnerability in Mybulletinboard 1.0.3
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.
network
mybulletinboard
4.3
2006-03-07 CVE-2006-1065 SQL-Injection vulnerability in Mybulletinboard 1.04
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.
network
low complexity
mybulletinboard
5.0
2006-03-02 CVE-2006-0959 SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie.
network
low complexity
mybulletinboard CWE-89
7.5
2006-02-18 CVE-2006-0770 Cross-Site Scripting vulnerability in MyBulletinBoard
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details".
network
high complexity
mybulletinboard
2.6
2006-02-10 CVE-2006-0639 Cross-Site Scripting vulnerability in Mybulletinboard 1.0.2
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E.
network
mybulletinboard
4.3