CVE-2007-0544
https://notcve.org/view.php?id=CVE-2007-0544
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
• http://osvdb.org/32967
• http://secunia.com/advisories/23934
• http://secunia.com/advisories/28837
• http://www.securityfocus.com/archive/1/457929/100/0/threaded
• http://www.securityfocus.com/bid/22205
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31740
CVE-2006-0442 – MyBB 1.0.1/1.0.2 Notepad - 'usercp.php' HTML Injection
https://notcve.org/view.php?id=CVE-2006-0442
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
• https://www.exploit-db.com/exploits/27122
• http://kapda.ir/advisory-241.html
• http://secunia.com/advisories/18603
• http://securitytracker.com/id?1015535
• http://www.securityfocus.com/archive/1/423128/100/0/threaded
• http://www.securityfocus.com/bid/16361
• http://www.vupen.com/english/advisories/2006/0316
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0218
https://notcve.org/view.php?id=CVE-2006-0218
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, it is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
• http://community.mybboard.net/showthread.php?tid=5852
CVE-2005-4199
https://notcve.org/view.php?id=CVE-2005-4199
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
• http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html
• http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964
• http://secunia.com/advisories/18000
• http://securityreason.com/securityalert/246
• http://securityreason.com/securityalert/294
• http://securitytracker.com/id?1015407
• http://www.osvdb.org/22156
• http://www.osvdb.org/22157
• http://www.osvdb.org/22158
• http://www.securityfocus.com/archive/1/419067/100/0/threaded
• http://www.securityfocus.com/archive
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')