CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3069
https://notcve.org/view.php?id=CVE-2008-3069
08 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MyBB anterior a 1.2.13, permite a atacantes remotos inyectar secuencias de comandos Web o HTML mediante parámetros no especificados en (1) portal.php y (2) inc/functions_post.php. • http://community.mybboard.net/attachment.php?aid=9272 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3070
https://notcve.org/view.php?id=CVE-2008-3070
08 Jul 2008 — Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. Vulnerabilidad sin especificar en inc/datahandler/user.php en MyBB anterior a 1.2.13, tiene un impacto y vectores de ataque desconocidos en relación con la variable $user['language'], probablemente relacionado con la inyección SQL. • http://community.mybboard.net/attachment.php?aid=9272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3071
https://notcve.org/view.php?id=CVE-2008-3071
08 Jul 2008 — Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. Vulnerabilidad de salto de directorio en inc/class_language.php de MyBB anterior a 1.2.13, tiene un impacto y vectores de ataque desconocidos relacionados con la variable $language. • http://community.mybboard.net/attachment.php?aid=9272 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0788
https://notcve.org/view.php?id=CVE-2008-0788
15 Feb 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the authentication of arbitrary users for requests that delete private messages (PM) via a delete action to private.php. Múltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en MyBB versión 1.2.11 y anteriores, permiten a... • http://community.mybboard.net/showthread.php?tid=27675 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2008-0383 – MyBB 1.2.10 - 'moderation.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-0383
22 Jan 2008 — Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. Múltiples vulnerabilidades de inyección SQL en MyBB 1.2.10 y anteriores permite a moderadores remotos y administradores ejecutar comnando... • https://www.exploit-db.com/exploits/31034 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2007-0689
https://notcve.org/view.php?id=CVE-2007-0689
14 May 2007 — MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. MyBB 1.2.4 permite a atacantes remotos obtener información sensible a través del parámetro (1) action[] en member.php, el parámetro (2)imagehash[] en captcha.php, and (3) una respuesta directa en inc/datahandlers/event.php, el cual re... • http://marc.info/?l=full-disclosure&m=117909973216181&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2007-1963 – MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-1963
11 Apr 2007 — SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. Vulnerabilidad de inyección SQL en la función create_session en class_session.php de MyBB (también conocido como MyBulletinBoard) 1.2.3 y anteriores permite a atacantes remotos ejecutar comandos sql de su elección mediante la cabecera ... • https://www.exploit-db.com/exploits/3653 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
16 Jan 2006 — Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one ... • http://community.mybboard.net/showthread.php?tid=5852 •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
13 Dec 2005 — Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •