Vulnerabilities > Mybulletinboard > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-21 | CVE-2006-3759 | Remote Security vulnerability in Mybulletinboard 1.1.4 Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation." This vulnerability is addressed in the following product release: MyBB, MyBB, 1.1.5 | 5.0 |
| 2006-06-12 | CVE-2006-2949 | Cross-Site Scripting vulnerability in Mybulletinboard 1.1.2 Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. network mybulletinboard | 6.8 |
| 2006-05-25 | CVE-2006-2589 | SQL-Injection vulnerability in Mybulletinboard 1.1.1 SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | 6.4 |
| 2006-05-12 | CVE-2006-2336 | SQL Injection vulnerability in Mybulletinboard 1.1.1 SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | 6.4 |
| 2006-05-12 | CVE-2006-2333 | SQL-Injection vulnerability in Mybulletinboard 1.1.1 Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. | 6.4 |
| 2006-04-20 | CVE-2006-1912 | Cross-Site Scripting vulnerability in Mybulletinboard 1.10 MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. network mybulletinboard | 5.8 |
| 2006-04-20 | CVE-2006-1911 | Cross-Site Scripting vulnerability in Mybulletinboard 1.1 Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. network mybulletinboard | 4.3 |
| 2006-04-11 | CVE-2006-1717 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. | 5.1 |
| 2006-04-11 | CVE-2006-1716 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. | 5.1 |
| 2006-04-05 | CVE-2006-1625 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. network mybulletinboard | 6.8 |