CVE-2006-0406
https://notcve.org/view.php?id=CVE-2006-0406
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. search.php en MyBB 1.0.2 permite a atacantes remotos obtener información sensible mediante una cierta petición de búsqueda que revela el prefijo de tabla en un mensaje de error SQL, posiblemente debido a parámetros no válidos.º • http://secunia.com/advisories/18577 http://www.osvdb.org/22736 http://www.securityfocus.com/archive/1/422227/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24272 •
CVE-2006-0364
https://notcve.org/view.php?id=CVE-2006-0364
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". • http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html http://secunia.com/advisories/18544 http://www.osvdb.org/22628 http://www.securityfocus.com/bid/16308 http://www.vupen.com/english/advisories/2006/0255 https://exchange.xforce.ibmcloud.com/vulnerabilities/24225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-0219
https://notcve.org/view.php?id=CVE-2006-0219
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. • http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088 http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151 http://community.mybboard.net/showthread.php?tid=5960 http://www.securityfocus.com/bid/16230 https://exchange.xforce.ibmcloud.com/vulnerabilities/24115 •
CVE-2005-4603
https://notcve.org/view.php?id=CVE-2005-4603
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. • http://secunia.com/advisories/18281 http://securityreason.com/securityalert/310 http://www.osvdb.org/21601 http://www.securityfocus.com/archive/1/420569/100/0/threaded http://www.securityfocus.com/bid/16096 http://www.vupen.com/english/advisories/2006/0012 •
CVE-2005-1833 – MyBulletinBoard (MyBB) 1.00 RC4 - 'calendar.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1833
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php. • https://www.exploit-db.com/exploits/1022 http://marc.info/?l=bugtraq&m=111757191118050&w=2 http://secunia.com/advisories/15552 http://www.mybboard.com/community/showthread.php?tid=2559 http://www.osvdb.org/17024 •