CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2006-1974 – MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection
https://notcve.org/view.php?id=CVE-2006-1974
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. • https://www.exploit-db.com/exploits/27155 http://www.securityfocus.com/bid/16443 http://www.securityfocus.com/bid/16443/exploit •
CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 5CVE-2006-1281
https://notcve.org/view.php?id=CVE-2006-1281
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-296.html http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://secunia.com/advisories/19213 http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427744/100/0/threaded http://www.securityfocus.com/bid/17097 http://www.securityfocus.com/bid/17492 http://www.vupen.com/english/advisories/2006/0971 https://exchange.xforce.ibmcloud.com/vulnerabilities/25266 •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 3CVE-2006-1282
https://notcve.org/view.php?id=CVE-2006-1282
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •
CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 1CVE-2006-0770
https://notcve.org/view.php?id=CVE-2006-0770
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18866 http://www.osvdb.org/23264 http://www.vupen.com/english/advisories/2006/0635 https://exchange.xforce.ibmcloud.com/vulnerabilities/24748 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2006-0523
https://notcve.org/view.php?id=CVE-2006-0523
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. • http://community.mybboard.net/showthread.php?tid=6418 http://secunia.com/advisories/18678 http://www.osvdb.org/22903 http://www.vupen.com/english/advisories/2006/0400 https://exchange.xforce.ibmcloud.com/vulnerabilities/24416 •