CVSS: 6.8EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4627
https://notcve.org/view.php?id=CVE-2010-4627
Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB (aka MyBulletinBoard) before 1.4.12 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de de falsificación de petición en sitios cruzados (CSRF) en usercp2.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12. Permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/852 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64515 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.1EPSS: 0%CPEs: 37EXPL: 0CVE-2010-4626
https://notcve.org/view.php?id=CVE-2010-4626
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack. La función my_rand de functions.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no utiliza apropiadamente la función de PHP mt_rand, lo que facilita a atacantes remotos obtener acceso a cuentas de su elección solicitando un reinicio de la contraseña de la cuenta y, a continuación, realizando un ataque de fuerza bruta. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/843 http://dev.mybboard.net/projects/mybb/repository/revisions/4872 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64516 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0CVE-2010-4628
https://notcve.org/view.php?id=CVE-2010-4628
member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain superfluous call to the SQL COUNT function, which allows remote attackers to cause a denial of service (resource consumption) by making requests to member.php that trigger scans of the entire users table. member.php de MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 hace una llamada superflua a la función SQL COUNT; lo que permite, a atacantes remotos, provocar una denegación de servició (consumo de todos los recursos) haciendo peticiones a member.php que generan la lectura de toda la tabla de usuarios. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/662 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64514 •
CVSS: 5.0EPSS: 2%CPEs: 37EXPL: 0CVE-2010-4629
https://notcve.org/view.php?id=CVE-2010-4629
MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict uid values for group join requests, which allows remote attackers to cause a denial of service (resource consumption) by using guest access to submit join request forms for moderated groups, related to usercp.php and managegroup.php. MyBB (MyBulletinBoard) en versiones anteriores a la 1.4.12 no restringe apropiadamente los valores uid para peticiones de unión de grupo; lo que permite, a atacantes remotos, provocar una denegación de servicio (consumo de todos los recursos) usando un acceso de invitado para enviar formularios de peticiones de unión para grupos moderados. Vulnerabilidad relacionada con usercp.php y managegroup.php. • http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update http://dev.mybboard.net/issues/722 http://dev.mybboard.net/projects/mybb/repository/revisions/4856 http://openwall.com/lists/oss-security/2010/10/08/7 http://openwall.com/lists/oss-security/2010/10/11/8 http://openwall.com/lists/oss-security/2010/12/06/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/64513 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4522
https://notcve.org/view.php?id=CVE-2010-4522
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MyBB (MyBulletinBoard) 1.4.14, y 1.6.x anteriores a la 1.6.1. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores relacionados con (1) editpost.php, (2) member.php y (3) newreply.php. • http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update http://openwall.com/lists/oss-security/2010/12/20/1 http://openwall.com/lists/oss-security/2010/12/22/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •