CVE-2006-3954
https://notcve.org/view.php?id=CVE-2006-3954
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. Vulnerabilidad de salto de directorio en usercp.php en MyBB (también conocido como MyBulletinBoard) 1.x permite a atacantes remotos leer archivos de su elección a través de la secuencia ..(punto punto) en el parámetro gallery en un acción (1) avatar o (2) do_avatar. • http://securityreason.com/securityalert/1319 http://www.securityfocus.com/archive/1/441534/100/0/threaded http://www.securityfocus.com/bid/19195 •
CVE-2006-3953
https://notcve.org/view.php?id=CVE-2006-3953
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en usercp.php en MyBB (aka MyBulletinBoard) 1.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro gallery. • http://securityreason.com/securityalert/1319 http://www.securityfocus.com/archive/1/441534/100/0/threaded http://www.securityfocus.com/bid/19193 •
CVE-2006-1281
https://notcve.org/view.php?id=CVE-2006-1281
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-296.html http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://secunia.com/advisories/19213 http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427744/100/0/threaded http://www.securityfocus.com/bid/17097 http://www.securityfocus.com/bid/17492 http://www.vupen.com/english/advisories/2006/0971 https://exchange.xforce.ibmcloud.com/vulnerabilities/25266 •
CVE-2006-1282
https://notcve.org/view.php?id=CVE-2006-1282
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •
CVE-2005-4602
https://notcve.org/view.php?id=CVE-2005-4602
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/311 http://www.osvdb.org/22159 http://www.securityfocus.com/archive/1/420573/100/0/threaded http://www.securityfocus.com/bid/16097 http://www.vupen.com/english/advisories/2006/0012 •