CVSS: 8.8EPSS: 1%CPEs: 25EXPL: 3CVE-2008-0787 – MyBulletinBoard (MyBB) 1.2.11 - 'private.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0787
15 Feb 2008 — SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. Vulnerabilidad de inyección de SQL en inc/datahandlers/pm.php en MyBB anterior a v1.2.12, permite a usuarios autentificados remotamente ejecutar comandos SQL de su eleccion a través del parámetro "options"[disablesmilies] del private.php • https://www.exploit-db.com/exploits/5070 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 1CVE-2006-3953
https://notcve.org/view.php?id=CVE-2006-3953
01 Aug 2006 — Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en usercp.php en MyBB (aka MyBulletinBoard) 1.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro gallery. • http://securityreason.com/securityalert/1319 •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 1CVE-2006-3954
https://notcve.org/view.php?id=CVE-2006-3954
01 Aug 2006 — Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. Vulnerabilidad de salto de directorio en usercp.php en MyBB (también conocido como MyBulletinBoard) 1.x permite a atacantes remotos leer archivos de su elección a través de la secuencia ..(punto punto) en el parámetro gallery en un acción (1) avatar o (2) do_avatar. • http://securityreason.com/securityalert/1319 •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 3CVE-2006-3761
https://notcve.org/view.php?id=CVE-2006-3761
21 Jul 2006 — Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en inc/functions_post.php de MyBB (alias MyBulletinBoard) en versiones 1.0 RC2 hasta 1.1.4, permite a atacantes remotos inyectar secuencia... • http://community.mybboard.net/showthread.php?tid=10115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2006-3243
https://notcve.org/view.php?id=CVE-2006-3243
27 Jun 2006 — SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. Vulnerabilidad de inyección SQL en usercp.php en MyBB (MyBulletinBoard) v1.0 hasta v1.1.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro showcodebuttons. • http://community.mybboard.net/showthread.php?tid=9955 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 1CVE-2006-1974 – MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection
https://notcve.org/view.php?id=CVE-2006-1974
21 Apr 2006 — SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. • https://www.exploit-db.com/exploits/27155 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 5CVE-2006-1281
https://notcve.org/view.php?id=CVE-2006-1281
19 Mar 2006 — Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3CVE-2006-1282
https://notcve.org/view.php?id=CVE-2006-1282
19 Mar 2006 — CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2006-0770
https://notcve.org/view.php?id=CVE-2006-0770
18 Feb 2006 — Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18866 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2006-0523
https://notcve.org/view.php?id=CVE-2006-0523
02 Feb 2006 — SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. • http://community.mybboard.net/showthread.php?tid=6418 •