VYPR

MyBB

by PhpBB

CVEs (17)

  • CVE-2006-4449Aug 30, 2006
    PhpBB
    Mybulletinboard
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.

  • CVE-2006-2908Jun 13, 2006
    PhpBB
    Mybulletinboard
    risk 0.03cvss epss 0.04

    The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.

  • CVE-2006-0959Mar 2, 2006
    PhpBB
    Mybulletinboard
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be…

  • CVE-2006-0442Jan 26, 2006
    MyBB
    Mybb
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are…

  • CVE-2005-2697Aug 26, 2005
    PhpBB
    Mybulletinboard
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282.

  • CVE-2005-1833May 31, 2005
    PhpBB
    Mybulletinboard
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to…

  • CVE-2006-1281Mar 19, 2006
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

  • CVE-2006-1272Mar 19, 2006
    PhpBB
    MyBB
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.

  • CVE-2006-1065Mar 7, 2006
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.

  • CVE-2006-0770Feb 18, 2006
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this…

  • CVE-2006-0364Jan 22, 2006
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without…

  • CVE-2006-0218Jan 16, 2006
    MyBB
    Mybb
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and…

  • CVE-2005-3777Nov 23, 2005
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.

  • CVE-2005-3778Nov 23, 2005
    PhpBB
    MyBB
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors.

  • CVE-2005-2888Sep 14, 2005
    PhpBB
    MyBB
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.

  • CVE-2005-1811Jun 1, 2005
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.

  • CVE-2005-1832May 31, 2005
    PhpBB
    Mybulletinboard
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to…