CVE-2007-1963 – MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2007-1963
11 Apr 2007 — SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. • https://www.exploit-db.com/exploits/3653 •
CVE-2007-1964
https://notcve.org/view.php?id=CVE-2007-1964
11 Apr 2007 — member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. • http://securityreason.com/securityalert/2544 •
CVE-2007-0622
https://notcve.org/view.php?id=CVE-2007-0622
31 Jan 2007 — Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/32968 •
CVE-2007-0544
https://notcve.org/view.php?id=CVE-2007-0544
29 Jan 2007 — Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. • http://osvdb.org/32967 •
CVE-2006-0442 – MyBB 1.0.1/1.0.2 Notepad - 'usercp.php' HTML Injection
https://notcve.org/view.php?id=CVE-2006-0442
26 Jan 2006 — Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219. • https://www.exploit-db.com/exploits/27122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
16 Jan 2006 — Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, it is likely that this contains at least one ... • http://community.mybboard.net/showthread.php?tid=5852 •
CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
13 Dec 2005 — Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •