Mybulletinboard

Mybulletinboard

60 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-2908

  • EPSS 9.94%
  • Published 13.06.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (execu...

6.8

CVE-2006-2949

  • EPSS 1.47%
  • Published 12.06.2006 20:06:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.

6.4

CVE-2006-2589

  • EPSS 0.32%
  • Published 25.05.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demon...

6.4

CVE-2006-2336

  • EPSS 0.76%
  • Published 12.05.2006 00:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.

6.4

CVE-2006-2333

Exploit
  • EPSS 0.39%
  • Published 12.05.2006 00:02:00
  • Last modified 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled i...

2.1

CVE-2006-2103

  • EPSS 0.35%
  • Published 29.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adm...

7.5

CVE-2006-1974

  • EPSS 0.45%
  • Published 21.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

5.8

CVE-2006-1912

  • EPSS 0.9%
  • Published 20.04.2006 18:06:00
  • Last modified 03.04.2025 01:03:51

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leverag...

4.3

CVE-2006-1911

Exploit
  • EPSS 0.41%
  • Published 20.04.2006 18:06:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.

5.1

CVE-2006-1717

  • EPSS 0.87%
  • Published 11.04.2006 23:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.