CVE-2006-1974 – MyBB 1.0/1.1 - 'index.php' Referrer Cookie SQL Injection
https://notcve.org/view.php?id=CVE-2006-1974
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. • https://www.exploit-db.com/exploits/27155 http://www.securityfocus.com/bid/16443 http://www.securityfocus.com/bid/16443/exploit •
CVE-2006-1911
https://notcve.org/view.php?id=CVE-2006-1911
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. • http://community.mybboard.net/showthread.php?tid=8232 http://secunia.com/advisories/19668 http://www.vupen.com/english/advisories/2006/1381 https://exchange.xforce.ibmcloud.com/vulnerabilities/25864 •
CVE-2006-1281
https://notcve.org/view.php?id=CVE-2006-1281
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-296.html http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html http://secunia.com/advisories/19213 http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427744/100/0/threaded http://www.securityfocus.com/bid/17097 http://www.securityfocus.com/bid/17492 http://www.vupen.com/english/advisories/2006/0971 https://exchange.xforce.ibmcloud.com/vulnerabilities/25266 •
CVE-2006-1282
https://notcve.org/view.php?id=CVE-2006-1282
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-295.html http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html http://www.securityfocus.com/archive/1/427747/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25267 •
CVE-2006-1272
https://notcve.org/view.php?id=CVE-2006-1272
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. • http://community.mybboard.net/showthread.php?tid=7368 http://kapda.ir/advisory-297.html http://www.osvdb.org/23935 http://www.securityfocus.com/archive/1/427746/100/0/threaded http://www.securityfocus.com/bid/17097 https://exchange.xforce.ibmcloud.com/vulnerabilities/25263 •