CVSS: 9.8 EPSS: 9% CPEs: 1 EXPL: 1

13 Jun 2006 — The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. • https://www.exploit-db.com/exploits/1909 •

CVSS: 6.8 EPSS: 1% CPEs: 1 EXPL: 0

12 Jun 2006 — Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. • http://secunia.com/advisories/20492 •

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 0

25 May 2006 — SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. • http://securityreason.com/securityalert/952 •

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

12 May 2006 — Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. • http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html •

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

12 May 2006 — SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. • https://www.exploit-db.com/exploits/27843 •

CVSS: 7.2 EPSS: 0% CPEs: 1 EXPL: 0

29 Apr 2006 — SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. • http://secunia.com/advisories/19865 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 EPSS: 0% CPEs: 8 EXPL: 1

21 Apr 2006 — SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. • https://www.exploit-db.com/exploits/27155 •

CVSS: 6.1 EPSS: 0% CPEs: 1 EXPL: 1

20 Apr 2006 — Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. • http://community.mybboard.net/showthread.php?tid=8232 •

CVSS: 6.1 EPSS: 0% CPEs: 1 EXPL: 1

20 Apr 2006 — MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. • https://www.exploit-db.com/exploits/27667 •

CVSS: 6.1 EPSS: 1% CPEs: 1 EXPL: 0

11 Apr 2006 — Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. • http://kapda.ir/advisory-305.html •