CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0CVE-2010-4628
https://notcve.org/view.php?id=CVE-2010-4628
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. member.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 hace una llamada superflua a la función SQL COUNT; lo que permite, a atacantes remotos, provocar una denegación de servició (consumo de todos los recursos) haciendo peticiones a member.php que generan la lectura de toda la tabla de usuarios. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/662 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64514 •
CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0CVE-2010-4629
https://notcve.org/view.php?id=CVE-2010-4629
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php. MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no restringe apropiadamente los valores uid para peticiones de unión de grupo; lo que permite, a atacantes remotos, provocar una denegación de servicio (consumo de todos los recursos) usando un acceso de invitado para enviar formularios de peticiones de unión para grupos moderados. Vulnerabilidad relacionada con usercp.php y managegroup.php. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/722 http://dev.mybboard.net/projects/mybb/repository/revisions/4856 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64513 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4624
https://notcve.org/view.php?id=CVE-2010-4624
MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 permite a usuarios autenticados remotos evitar las restricciones previstas en el número de [img] MyCodes editando un post después de que haya sido creado. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/728 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64518 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 1CVE-2008-3966
https://notcve.org/view.php?id=CVE-2008-3966
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MyBB (alias MyBulletinBoard) en versiones anteriores a 1.4.1 que permite a los atacantes remotos inyectar una secuencia arbitraria de comandos web o HTML a través de (1) un cierto campo origen en in usercp2.php, (2) un cierto campo origen en inc/functions_online.php, y ciertos campos (3) tsubject y (4) psubject en moderation.php • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2008-3967
https://notcve.org/view.php?id=CVE-2008-3967
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. moderation.php en MyBB (también conocido como MyBulletinBoard) versiones anteriores a 1.4.1 no comprueba adecuadamente los privilegios del moderados, lo cual tiene un impacto y vectores de ataque desconocidos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-264: Permissions, Privileges, and Access Controls •