CVSS: 6.8EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4627
https://notcve.org/view.php?id=CVE-2010-4627
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de de falsificación de petición en sitios cruzados (CSRF) en usercp2.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12. Permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/852 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64515 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4625
https://notcve.org/view.php?id=CVE-2010-4625
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no maneja apropiadamente una configuración de un foro visible que contiene hilos ocultos, lo que permite a atacantes remotos obtener información confidencial leyendo el bloque de hilos últimos de la página del portal. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://community.mybb.com/thread-66255.html http://dev.mybboard.net/issues/809 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64517 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4626
https://notcve.org/view.php?id=CVE-2010-4626
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. La función my_rand de functions.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no utiliza apropiadamente la función de PHP mt_rand, lo que facilita a atacantes remotos obtener acceso a cuentas de su elección solicitando un reinicio de la contraseña de la cuenta y, a continuación, realizando un ataque de fuerza bruta. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/843 http://dev.mybboard.net/projects/mybb/repository/revisions/4872 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64516 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 1CVE-2008-3966
https://notcve.org/view.php?id=CVE-2008-3966
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MyBB (alias MyBulletinBoard) en versiones anteriores a 1.4.1 que permite a los atacantes remotos inyectar una secuencia arbitraria de comandos web o HTML a través de (1) un cierto campo origen en in usercp2.php, (2) un cierto campo origen en inc/functions_online.php, y ciertos campos (3) tsubject y (4) psubject en moderation.php • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2008-3965
https://notcve.org/view.php?id=CVE-2008-3965
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. Vulnerabilidad de inyección SQL en misc.php de MyBB (también conocido como MyBulletinBoard) anterior a 1.4.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante cierto editor de campos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •