Page 4 of 20 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. • http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088 http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151 http://community.mybboard.net/showthread.php?tid=5960 http://www.securityfocus.com/bid/16230 https://exchange.xforce.ibmcloud.com/vulnerabilities/24115 •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/311 http://www.osvdb.org/22159 http://www.securityfocus.com/archive/1/420573/100/0/threaded http://www.securityfocus.com/bid/16097 http://www.vupen.com/english/advisories/2006/0012 •

CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/310 http://www.osvdb.org/21601 http://www.securityfocus.com/archive/1/420569/100/0/threaded http://www.securityfocus.com/bid/16096 http://www.vupen.com/english/advisories/2006/0012 •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. • http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 http://secunia.com/advisories/18000 http://www.securityfocus.com/bid/15793 http://www.vupen.com/english/advisories/2005/2842 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. • https://www.exploit-db.com/exploits/26396 http://community.mybboard.net/showthread.php?tid=4507&pid=27223#pid27223 http://www.osvdb.org/20700 http://www.securityfocus.com/archive/1/414672 http://www.securityfocus.com/bid/15204 •