CVE-2006-1282
https://notcve.org/view.php?id=CVE-2006-1282
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •
CVE-2005-4602
https://notcve.org/view.php?id=CVE-2005-4602
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/311 http://www.osvdb.org/22159 http://www.securityfocus.com/archive/1/420573/100/0/threaded http://www.securityfocus.com/bid/16097 http://www.vupen.com/english/advisories/2006/0012 •
CVE-2005-4603
https://notcve.org/view.php?id=CVE-2005-4603
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/310 http://www.osvdb.org/21601 http://www.securityfocus.com/archive/1/420569/100/0/threaded http://www.securityfocus.com/bid/16096 http://www.vupen.com/english/advisories/2006/0012 •
CVE-2005-4200
https://notcve.org/view.php?id=CVE-2005-4200
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. • http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 http://secunia.com/advisories/18000 http://www.securityfocus.com/bid/15793 http://www.vupen.com/english/advisories/2005/2842 •
CVE-2005-3326 – MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3326
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. • https://www.exploit-db.com/exploits/26396 http://community.mybboard.net/showthread.php?tid=4507&pid=27223#pid27223 http://www.osvdb.org/20700 http://www.securityfocus.com/archive/1/414672 http://www.securityfocus.com/bid/15204 •