CVE-2006-3420
https://notcve.org/view.php?id=CVE-2006-3420
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editpost.php en MyBulletinBoard (MyBB) en versiones anteriores a 1.1.5 permiten a atacantes remotos realizar acciones sin autorización como un usuario validado y borrar correos internos del foro a través de la etiqueta IMG con un parámetro "borrar" modificado en la acción "borrar correo". NOTA: El origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/20659 http://www.osvdb.org/26807 https://exchange.xforce.ibmcloud.com/vulnerabilities/27682 •
CVE-2006-3243
https://notcve.org/view.php?id=CVE-2006-3243
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. Vulnerabilidad de inyección SQL en usercp.php en MyBB (MyBulletinBoard) v1.0 hasta v1.1.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro showcodebuttons. • http://community.mybboard.net/showthread.php?tid=9955 http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html http://secunia.com/advisories/20795 http://securityreason.com/securityalert/1147 http://www.securityfocus.com/archive/1/438209 http://www.vupen.com/english/advisories/2006/2511 https://exchange.xforce.ibmcloud.com/vulnerabilities/27410 •
CVE-2006-2589
https://notcve.org/view.php?id=CVE-2006-2589
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. • http://securityreason.com/securityalert/952 http://www.securityfocus.com/archive/1/434728/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28520 •
CVE-2006-2333
https://notcve.org/view.php?id=CVE-2006-2333
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. • http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html http://securityreason.com/securityalert/885 http://www.securityfocus.com/archive/1/433231/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26545 •
CVE-2006-2336 – MyBB 1.1.1 - 'showthread.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2336
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. • https://www.exploit-db.com/exploits/27843 http://securityreason.com/securityalert/884 http://www.osvdb.org/25674 http://www.securityfocus.com/archive/1/433564/100/0/threaded http://www.securityfocus.com/bid/17904 https://exchange.xforce.ibmcloud.com/vulnerabilities/26376 •