CVE-2006-3953
https://notcve.org/view.php?id=CVE-2006-3953
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
• http://securityreason.com/securityalert/1319
• http://www.securityfocus.com/archive/1/441534/100/0/threaded
• http://www.securityfocus.com/bid/19193
CVE-2006-1912 – MyBB 1.1 - Global Variable Overwrite
https://notcve.org/view.php?id=CVE-2006-1912
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
• https://www.exploit-db.com/exploits/27667
• http://community.mybboard.net/showthread.php?tid=8232
• http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html
• http://secunia.com/advisories/19668
• http://www.osvdb.org/24710
• http://www.osvdb.org/24711
• http://www.securityfocus.com/archive/1/431061/30/5580/threaded
• http://www.vupen.com/english/advisories/2006/1381
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25865
CVE-2006-1716
https://notcve.org/view.php?id=CVE-2006-1716
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
• http://kapda.ir/advisory-305.html
• http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html
• http://secunia.com/advisories/19516
• http://www.osvdb.org/24375
• http://www.securityfocus.com/archive/1/430344/100/0/threaded
• http://www.securityfocus.com/bid/17413
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25615
CVE-2006-1717
https://notcve.org/view.php?id=CVE-2006-1717
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.
• http://secunia.com/advisories/19516
• http://www.securityfocus.com/archive/1/430464/100/0/threaded
• http://www.securityfocus.com/bid/17427
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25730
CVE-2006-1625
https://notcve.org/view.php?id=CVE-2006-1625
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
• http://secunia.com/advisories/19516
• http://www.osvdb.org/24375
• http://www.securityfocus.com/archive/1/429748/100/0/threaded
• http://www.securityfocus.com/bid/17368
• http://www.vupen.com/english/advisories/2006/1216
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25615