CVSS: 9.8 • EPSS: 9% • CPEs: 1 • EXPL: 1

13 Jun 2006 — The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. • https://www.exploit-db.com/exploits/1909 •

CVSS: 6.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

12 Jun 2006 — Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. • http://secunia.com/advisories/20492 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 May 2006 — SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. • http://securityreason.com/securityalert/952 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 May 2006 — Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. • http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 May 2006 — SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. • https://www.exploit-db.com/exploits/27843 •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Apr 2006 — SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. • http://secunia.com/advisories/19865 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 1

21 Apr 2006 — SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. • https://www.exploit-db.com/exploits/27155 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2006 — Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. • http://community.mybboard.net/showthread.php?tid=8232 •

CVSS: 6.1 • EPSS: 0% • CPEs: 11 • EXPL: 5

19 Mar 2006 — Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 •

CVSS: 6.1 • EPSS: 0% • CPEs: 10 • EXPL: 3

19 Mar 2006 — CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 •