NotCVE - vendor:"Mybulletinboard" product:"Mybulletinboard" version:"1.1.3"

Page 3 of 18 results (0.020 seconds)

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2006-3420

https://notcve.org/view.php?id=CVE-2006-3420

Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en editpost.php en MyBulletinBoard (MyBB) en versiones anteriores a 1.1.5 permiten a atacantes remotos realizar acciones sin autorización como un usuario validado y borrar correos internos del foro a través de la etiqueta IMG con un parámetro "borrar" modificado en la acción "borrar correo". NOTA: El origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/20659 http://www.osvdb.org/26807 https://exchange.xforce.ibmcloud.com/vulnerabilities/27682 •

CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0

CVE-2006-3243

https://notcve.org/view.php?id=CVE-2006-3243

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. Vulnerabilidad de inyección SQL en usercp.php en MyBB (MyBulletinBoard) v1.0 hasta v1.1.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro showcodebuttons. • http://community.mybboard.net/showthread.php?tid=9955 http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html http://secunia.com/advisories/20795 http://securityreason.com/securityalert/1147 http://www.securityfocus.com/archive/1/438209 http://www.vupen.com/english/advisories/2006/2511 https://exchange.xforce.ibmcloud.com/vulnerabilities/27410 •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 3

CVE-2006-1282

https://notcve.org/view.php?id=CVE-2006-1282

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •

CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 5

CVE-2006-1281

https://notcve.org/view.php?id=CVE-2006-1281

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-296.html http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://secunia.com/advisories/19213 http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427744/100/0/threaded http://www.securityfocus.com/bid/17097 http://www.securityfocus.com/bid/17492 http://www.vupen.com/english/advisories/2006/0971 https://exchange.xforce.ibmcloud.com/vulnerabilities/25266 •

CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 0

CVE-2005-4603

https://notcve.org/view.php?id=CVE-2005-4603

Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/310 http://www.osvdb.org/21601 http://www.securityfocus.com/archive/1/420569/100/0/threaded http://www.securityfocus.com/bid/16096 http://www.vupen.com/english/advisories/2006/0012 •

1 2 3 4