Mybulletinboard

Mybulletinboard

60 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2006-1716

  • EPSS 1.41%
  • Veröffentlicht 11.04.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covere...

6.8

CVE-2006-1625

  • EPSS 1.63%
  • Veröffentlicht 05.04.2006 10:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove e...

5

CVE-2006-1345

  • EPSS 0.67%
  • Veröffentlicht 22.03.2006 01:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.

4.3

CVE-2006-1282

Exploit
  • EPSS 0.67%
  • Veröffentlicht 19.03.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when...

3.5

CVE-2006-1281

Exploit
  • EPSS 0.89%
  • Veröffentlicht 19.03.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported t...

4.3

CVE-2006-1272

Exploit
  • EPSS 0.98%
  • Veröffentlicht 19.03.2006 02:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.

5

CVE-2006-1065

Exploit
  • EPSS 0.37%
  • Veröffentlicht 07.03.2006 22:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.

7.5

CVE-2006-0959

Exploit
  • EPSS 4.58%
  • Veröffentlicht 02.03.2006 23:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 h...

2.6

CVE-2006-0770

Exploit
  • EPSS 0.41%
  • Veröffentlicht 18.02.2006 21:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the ...

4.3

CVE-2006-0639

Exploit
  • EPSS 0.41%
  • Veröffentlicht 10.02.2006 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonst...