Vulnerabilities > Mybulletinboard > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-22 | CVE-2006-1345 | Information Disclosure vulnerability in Mybulletinboard 1.10 polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. | 5.0 |
| 2006-03-19 | CVE-2006-1282 | Input Validation vulnerability in MyBB CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. network mybulletinboard | 4.3 |
| 2006-03-19 | CVE-2006-1272 | Input Validation vulnerability in Mybulletinboard 1.0.3 Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. network mybulletinboard | 4.3 |
| 2006-03-07 | CVE-2006-1065 | SQL-Injection vulnerability in Mybulletinboard 1.04 SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. | 5.0 |
| 2006-02-10 | CVE-2006-0639 | Cross-Site Scripting vulnerability in Mybulletinboard 1.0.2 Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. network mybulletinboard | 4.3 |
| 2006-02-10 | CVE-2006-0638 | SQL Injection vulnerability in Mybulletinboard 1.0.3 SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter. | 6.5 |
| 2006-02-01 | CVE-2006-0495 | HTML Injection vulnerability in Mybulletinboard 1.0.2 Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable). network mybulletinboard | 4.3 |
| 2006-02-01 | CVE-2006-0494 | Directory Traversal vulnerability in Mybulletinboard 1.0.2 Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter. | 4.3 |
| 2006-01-31 | CVE-2006-0470 | Cross-Site Scripting vulnerability in MyBB Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. network mybulletinboard | 4.3 |
| 2006-01-25 | CVE-2006-0406 | Information Disclosure vulnerability in Mybulletinboard 1.0.2 search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | 5.0 |