21 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 3

SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. Vulnerabilidad de inyección de SQL en inc/datahandlers/pm.php en MyBB anterior a v1.2.12, permite a usuarios autentificados remotamente ejecutar comandos SQL de su eleccion a través del parámetro "options"[disablesmilies] del private.php • https://www.exploit-db.com/exploits/5070 http://community.mybboard.net/showthread.php?tid=27675 http://secunia.com/advisories/28572 http://www.securityfocus.com/archive/1/486763/100/200/threaded http://www.securityfocus.com/bid/27378 http://www.securitytracker.com/id?1019257 http://www.vupen.com/english/advisories/2008/0238 http://www.waraxe.us/advisory-64.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 1

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. Vulnerabilidad de salto de directorio en usercp.php en MyBB (también conocido como MyBulletinBoard) 1.x permite a atacantes remotos leer archivos de su elección a través de la secuencia ..(punto punto) en el parámetro gallery en un acción (1) avatar o (2) do_avatar. • http://securityreason.com/securityalert/1319 http://www.securityfocus.com/archive/1/441534/100/0/threaded http://www.securityfocus.com/bid/19195 •

CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 1

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en usercp.php en MyBB (aka MyBulletinBoard) 1.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro gallery. • http://securityreason.com/securityalert/1319 http://www.securityfocus.com/archive/1/441534/100/0/threaded http://www.securityfocus.com/bid/19193 •

CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 3

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en inc/functions_post.php de MyBB (alias MyBulletinBoard) en versiones 1.0 RC2 hasta 1.1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un URI javascript con una referencia de carácter numérico SGML en la etiqueta "url" de BBCode, como se ha demostrado utilizando "javascript". • http://community.mybboard.net/showthread.php?tid=10115 http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html http://secunia.com/advisories/20873 http://securityreason.com/securityalert/1257 http://www.mybboard.com/archive.php?nid=15 http://www.osvdb.org/26808 http://www.securityfocus.com/archive/1/438588/100/200/threaded http://www.securityfocus.com/bid/18702 https://exchange.xforce.ibmcloud.com/vulnerabilities/27444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. Vulnerabilidad de inyección SQL en usercp.php en MyBB (MyBulletinBoard) v1.0 hasta v1.1.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro showcodebuttons. • http://community.mybboard.net/showthread.php?tid=9955 http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html http://secunia.com/advisories/20795 http://securityreason.com/securityalert/1147 http://www.securityfocus.com/archive/1/438209 http://www.vupen.com/english/advisories/2006/2511 https://exchange.xforce.ibmcloud.com/vulnerabilities/27410 •