Mybb

by MyBB

CVEs (180)

  • CVE-2008-3069, Jul 8, 2008
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.

  • CVE-2008-0788, Feb 15, 2008
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the…

  • CVE-2007-0689, May 14, 2007
    risk 0.00 | cvss | epss 0.02

    MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.

  • CVE-2007-1964, Apr 11, 2007
    risk 0.00 | cvss | epss 0.01

    member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password…

  • CVE-2007-0622, Jan 31, 2007
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2007-0544, Jan 29, 2007
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

  • CVE-2006-4971, Sep 25, 2006
    risk 0.00 | cvss | epss 0.01

    MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.

  • CVE-2006-4972, Sep 25, 2006
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.

  • CVE-2006-4707, Sep 12, 2006
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).

  • CVE-2006-4706, Sep 12, 2006
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded…

  • CVE-2006-3953, Aug 1, 2006
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

  • CVE-2006-3954, Aug 1, 2006
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

  • CVE-2006-3760, Jul 21, 2006
    risk 0.00 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-3761, Jul 21, 2006
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as…

  • CVE-2006-3758, Jul 21, 2006
    risk 0.00 | cvss | epss 0.01

    inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the…

  • CVE-2006-3243, Jun 27, 2006
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.

  • CVE-2006-2949, Jun 12, 2006
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.

  • CVE-2006-2589, May 25, 2006
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable…

  • CVE-2006-2333, May 12, 2006
    risk 0.00 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2)…

  • CVE-2006-2103, Apr 29, 2006
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2)…

Page 8 of 9