Page 22 of 124 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. MyBB (también conocido como MyBulletinBoard) v1.4.2 no emplea suficiente aleatoriedad para componer los nombres de los ficheros que se hayan subido como adjuntos; esto facilita a los atacantes remotos leer estos ficheros deduciendo su nombre. • http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html http://www.openwall.com/lists/oss-security/2008/11/01/2 http://www.securityfocus.com/bid/31936 http://www.vupen.com/english/advisories/2008/2967 • CWE-330: Use of Insufficiently Random Values •

CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en MyBB (alias MyBulletinBoard) en versiones anteriores a 1.4.1 que permite a los atacantes remotos inyectar una secuencia arbitraria de comandos web o HTML a través de (1) un cierto campo origen en in usercp2.php, (2) un cierto campo origen en inc/functions_online.php, y ciertos campos (3) tsubject y (4) psubject en moderation.php • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. Vulnerabilidad de inyección SQL en misc.php de MyBB (también conocido como MyBulletinBoard) anterior a 1.4.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante cierto editor de campos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. moderation.php en MyBB (también conocido como MyBulletinBoard) versiones anteriores a 1.4.1 no comprueba adecuadamente los privilegios del moderados, lo cual tiene un impacto y vectores de ataque desconocidos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0

Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en MyBB versiones 1.2.x anteriores a 1.2.14, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, posiblemente involucrando el archivo search.php. • http://community.mybboard.net/thread-33865.html http://secunia.com/advisories/31216 http://www.securityfocus.com/bid/30401 https://exchange.xforce.ibmcloud.com/vulnerabilities/44034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •