CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2009-4448
https://notcve.org/view.php?id=CVE-2009-4448
29 Dec 2009 — inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. inc/functions_time.php en MyBB (alias MyBulletinBoard) v1.4.10, y posiblemente versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una solicitud elaborada... • http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-7082
https://notcve.org/view.php?id=CVE-2008-7082
25 Aug 2009 — MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header. MyBB (también conocido como MyBulletinBoard) v1.4.3 incluye el parámetro "my_post_key" en URLs en moderation.php con las acciones ... • http://osvdb.org/50275 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4930
https://notcve.org/view.php?id=CVE-2008-4930
04 Nov 2008 — MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks. MyBB (también conocido como MyBulletinBoard) v1.4.2 no maneja de forma adecuada un fichero que se haya subido y que sea de un tipo no estándar que conteng... • http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-4929
https://notcve.org/view.php?id=CVE-2008-4929
04 Nov 2008 — MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. MyBB (también conocido como MyBulletinBoard) v1.4.2 no emplea suficiente aleatoriedad para componer los nombres de los ficheros que se hayan subido como adjuntos; esto facilita a los atacantes remotos leer estos ficheros deduciendo su nombre. • http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 2CVE-2008-4928
https://notcve.org/view.php?id=CVE-2008-4928
04 Nov 2008 — Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función "red... • http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 1CVE-2008-3966
https://notcve.org/view.php?id=CVE-2008-3966
10 Sep 2008 — Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MyBB (alias MyBulletinBoard) en versiones anteriores a 1.4.1 que permite a los atacantes remotos inyectar una s... • http://community.mybboard.net/attachment.php?aid=10579 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-3965
https://notcve.org/view.php?id=CVE-2008-3965
10 Sep 2008 — SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. Vulnerabilidad de inyección SQL en misc.php de MyBB (también conocido como MyBulletinBoard) anterior a 1.4.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante cierto editor de campos. • http://community.mybboard.net/attachment.php?aid=10579 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2008-3967
https://notcve.org/view.php?id=CVE-2008-3967
10 Sep 2008 — moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. moderation.php en MyBB (también conocido como MyBulletinBoard) versiones anteriores a 1.4.1 no comprueba adecuadamente los privilegios del moderados, lo cual tiene un impacto y vectores de ataque desconocidos. • http://community.mybboard.net/attachment.php?aid=10579 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2008-3334
https://notcve.org/view.php?id=CVE-2008-3334
27 Jul 2008 — Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en MyBB versiones 1.2.x anteriores a 1.2.14, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, posiblemente involucrando el archivo search.php. • http://community.mybboard.net/thread-33865.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3070
https://notcve.org/view.php?id=CVE-2008-3070
08 Jul 2008 — Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. Vulnerabilidad sin especificar en inc/datahandler/user.php en MyBB anterior a 1.2.13, tiene un impacto y vectores de ataque desconocidos en relación con la variable $user['language'], probablemente relacionado con la inyección SQL. • http://community.mybboard.net/attachment.php?aid=9272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •