Vulnerabilities > Mybulletinboard
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-11 | CVE-2006-1716 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. | 5.1 |
2006-04-05 | CVE-2006-1625 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. network mybulletinboard | 6.8 |
2006-03-22 | CVE-2006-1345 | Information Disclosure vulnerability in Mybulletinboard 1.10 polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. | 5.0 |
2006-03-19 | CVE-2006-1282 | Input Validation vulnerability in MyBB CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. network mybulletinboard | 4.3 |
2006-03-19 | CVE-2006-1281 | Input Validation vulnerability in MyBB Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. network mybulletinboard | 3.5 |
2006-03-19 | CVE-2006-1272 | Input Validation vulnerability in Mybulletinboard 1.0.3 Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. network mybulletinboard | 4.3 |
2006-03-07 | CVE-2006-1065 | SQL-Injection vulnerability in Mybulletinboard 1.04 SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. | 5.0 |
2006-03-02 | CVE-2006-0959 | SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4 SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. | 7.5 |
2006-02-18 | CVE-2006-0770 | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". | 2.6 |
2006-02-10 | CVE-2006-0639 | Cross-Site Scripting vulnerability in Mybulletinboard 1.0.2 Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. network mybulletinboard | 4.3 |