CVSS: 5.0EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4625
https://notcve.org/view.php?id=CVE-2010-4625
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page. MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no maneja apropiadamente una configuración de un foro visible que contiene hilos ocultos, lo que permite a atacantes remotos obtener información confidencial leyendo el bloque de hilos últimos de la página del portal. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://community.mybb.com/thread-66255.html http://dev.mybboard.net/issues/809 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64517 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.1EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4626
https://notcve.org/view.php?id=CVE-2010-4626
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. La función my_rand de functions.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no utiliza apropiadamente la función de PHP mt_rand, lo que facilita a atacantes remotos obtener acceso a cuentas de su elección solicitando un reinicio de la contraseña de la cuenta y, a continuación, realizando un ataque de fuerza bruta. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/843 http://dev.mybboard.net/projects/mybb/repository/revisions/4872 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64516 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4813 – MyBB 1.4.10 - 'myps.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4813
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en myps.php en MyBB (también conocido como MyBulletinBoard) 1.4.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "username" en una acción "donate". • https://www.exploit-db.com/exploits/33439 http://osvdb.org/61298 http://secunia.com/advisories/37910 http://www.exploit-db.com/exploits/10622 http://www.securityfocus.com/bid/37464 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2009-4448
https://notcve.org/view.php?id=CVE-2009-4448
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors. inc/functions_time.php en MyBB (alias MyBulletinBoard) v1.4.10, y posiblemente versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una solicitud elaborada con un gran valor para el año, lo que dispara un bucle largo, como puede conseguirse a través de member.php y posiblemente otros vectores. • http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update http://dev.mybboard.net/issues/600 http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 http://secunia.com/advisories/37906 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2009-4449
https://notcve.org/view.php?id=CVE-2009-4449
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. Vulnerabilidad de salto de directorio en MyBB (MyBulletinBoard) v1.4.10, y posiblemente versiones anteriores. Cuando se cambia el avatar de usuario desde la galería, permite a usuarios remotos autenticados determinar la existencia de ficheros a través de secuencias de salto de directorio en el avatar y posiblemente los parámetros de la galería. Relacionado con (1) admin/modules/user/users.php y (2) usercp.php. • http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update http://dev.mybboard.net/issues/617 http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists&#x • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •