Page 24 of 134 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. Vulnerabilidad de inyección SQL en misc.php de MyBB (también conocido como MyBulletinBoard) anterior a 1.4.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante cierto editor de campos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0

moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. moderation.php en MyBB (también conocido como MyBulletinBoard) versiones anteriores a 1.4.1 no comprueba adecuadamente los privilegios del moderados, lo cual tiene un impacto y vectores de ataque desconocidos. • http://community.mybboard.net/attachment.php?aid=10579 http://community.mybboard.net/showthread.php?tid=36022 http://secunia.com/advisories/31760 http://www.openwall.com/lists/oss-security/2008/09/09/1 http://www.openwall.com/lists/oss-security/2008/09/09/9 http://www.securityfocus.com/bid/31104 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0

Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en MyBB versiones 1.2.x anteriores a 1.2.14, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, posiblemente involucrando el archivo search.php. • http://community.mybboard.net/thread-33865.html http://secunia.com/advisories/31216 http://www.securityfocus.com/bid/30401 https://exchange.xforce.ibmcloud.com/vulnerabilities/44034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MyBB anterior a 1.2.13, permite a atacantes remotos inyectar secuencias de comandos Web o HTML mediante parámetros no especificados en (1) portal.php y (2) inc/functions_post.php. • http://community.mybboard.net/attachment.php?aid=9272 http://community.mybboard.net/showthread.php?tid=31666 http://secunia.com/advisories/31013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. Vulnerabilidad de salto de directorio en inc/class_language.php de MyBB anterior a 1.2.13, tiene un impacto y vectores de ataque desconocidos relacionados con la variable $language. • http://community.mybboard.net/attachment.php?aid=9272 http://community.mybboard.net/showthread.php?tid=31666 http://secunia.com/advisories/31013 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •