Mybulletinboard

Mybulletinboard

60 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.25%
  • Veröffentlicht 30.08.2006 01:04:00
  • Zuletzt bearbeitet 16.06.2026 22:29:07

Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rende...

Exploit
  • EPSS 1.69%
  • Veröffentlicht 01.08.2006 21:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:08

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

Exploit
  • EPSS 1.2%
  • Veröffentlicht 01.08.2006 21:04:00
  • Zuletzt bearbeitet 16.06.2026 22:28:08

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

Exploit
  • EPSS 2.44%
  • Veröffentlicht 24.07.2006 12:19:00
  • Zuletzt bearbeitet 16.06.2026 22:27:47

SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by in...

Exploit
  • EPSS 2.53%
  • Veröffentlicht 21.07.2006 14:03:00
  • Zuletzt bearbeitet 16.06.2026 22:27:45

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the...

  • EPSS 1.31%
  • Veröffentlicht 21.07.2006 14:03:00
  • Zuletzt bearbeitet 16.06.2026 22:27:45

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injecti...

  • EPSS 1.14%
  • Veröffentlicht 21.07.2006 14:03:00
  • Zuletzt bearbeitet 16.06.2026 22:27:45

Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."

  • EPSS 1.19%
  • Veröffentlicht 21.07.2006 14:03:00
  • Zuletzt bearbeitet 16.06.2026 22:27:45

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • EPSS 1.51%
  • Veröffentlicht 07.07.2006 00:05:00
  • Zuletzt bearbeitet 16.06.2026 22:27:01

Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified d...

  • EPSS 1.36%
  • Veröffentlicht 27.06.2006 10:05:00
  • Zuletzt bearbeitet 16.06.2026 22:26:41

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.