CVE-2006-0470 – MyBB 1.0.2 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-0470
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. • https://www.exploit-db.com/exploits/27137 http://community.mybboard.net/attachment.php?aid=2181 http://community.mybboard.net/showthread.php?tid=6418 http://seclists.org/lists/bugtraq/2006/Jan/0414.html http://secunia.com/advisories/18617 http://securityreason.com/securityalert/374 http://www.osvdb.org/22750 http://www.securityfocus.com/bid/16387 http://www.vupen.com/english/advisories/2006/0350 https://exchange.xforce.ibmcloud.com/vulnerabilities/24466 •
CVE-2006-0364
https://notcve.org/view.php?id=CVE-2006-0364
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". • http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html http://secunia.com/advisories/18544 http://www.osvdb.org/22628 http://www.securityfocus.com/bid/16308 http://www.vupen.com/english/advisories/2006/0255 https://exchange.xforce.ibmcloud.com/vulnerabilities/24225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-4602
https://notcve.org/view.php?id=CVE-2005-4602
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/311 http://www.osvdb.org/22159 http://www.securityfocus.com/archive/1/420573/100/0/threaded http://www.securityfocus.com/bid/16097 http://www.vupen.com/english/advisories/2006/0012 •
CVE-2005-4603
https://notcve.org/view.php?id=CVE-2005-4603
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/310 http://www.osvdb.org/21601 http://www.securityfocus.com/archive/1/420569/100/0/threaded http://www.securityfocus.com/bid/16096 http://www.vupen.com/english/advisories/2006/0012 •
CVE-2005-4200
https://notcve.org/view.php?id=CVE-2005-4200
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. • http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 http://secunia.com/advisories/18000 http://www.securityfocus.com/bid/15793 http://www.vupen.com/english/advisories/2005/2842 •