Page 3 of 18 results (0.005 seconds)

CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 3

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en inc/functions_post.php de MyBB (alias MyBulletinBoard) en versiones 1.0 RC2 hasta 1.1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un URI javascript con una referencia de carácter numérico SGML en la etiqueta "url" de BBCode, como se ha demostrado utilizando "javascript". • http://community.mybboard.net/showthread.php?tid=10115 http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html http://secunia.com/advisories/20873 http://securityreason.com/securityalert/1257 http://www.mybboard.com/archive.php?nid=15 http://www.osvdb.org/26808 http://www.securityfocus.com/archive/1/438588/100/200/threaded http://www.securityfocus.com/bid/18702 https://exchange.xforce.ibmcloud.com/vulnerabilities/27444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. Vulnerabilidad de inyección SQL en usercp.php en MyBB (MyBulletinBoard) v1.0 hasta v1.1.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro showcodebuttons. • http://community.mybboard.net/showthread.php?tid=9955 http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html http://secunia.com/advisories/20795 http://securityreason.com/securityalert/1147 http://www.securityfocus.com/archive/1/438209 http://www.vupen.com/english/advisories/2006/2511 https://exchange.xforce.ibmcloud.com/vulnerabilities/27410 •

CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 5

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-296.html http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://secunia.com/advisories/19213 http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427744/100/0/threaded http://www.securityfocus.com/bid/17097 http://www.securityfocus.com/bid/17492 http://www.vupen.com/english/advisories/2006/0971 https://exchange.xforce.ibmcloud.com/vulnerabilities/25266 •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 3

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/311 http://www.osvdb.org/22159 http://www.securityfocus.com/archive/1/420573/100/0/threaded http://www.securityfocus.com/bid/16097 http://www.vupen.com/english/advisories/2006/0012 •