Mybulletinboard

Mybulletinboard

60 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2006-1716

  • EPSS 1.41%
  • Published 11.04.2006 23:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covere...

6.8

CVE-2006-1625

  • EPSS 1.63%
  • Published 05.04.2006 10:04:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove e...

5

CVE-2006-1345

  • EPSS 0.67%
  • Published 22.03.2006 01:02:00
  • Last modified 03.04.2025 01:03:51

polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.

4.3

CVE-2006-1282

Exploit
  • EPSS 0.67%
  • Published 19.03.2006 11:06:00
  • Last modified 03.04.2025 01:03:51

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when...

3.5

CVE-2006-1281

Exploit
  • EPSS 0.89%
  • Published 19.03.2006 11:06:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported t...

4.3

CVE-2006-1272

Exploit
  • EPSS 0.98%
  • Published 19.03.2006 02:02:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.

5

CVE-2006-1065

Exploit
  • EPSS 0.37%
  • Published 07.03.2006 22:06:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.

7.5

CVE-2006-0959

Exploit
  • EPSS 4.58%
  • Published 02.03.2006 23:02:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 h...

2.6

CVE-2006-0770

Exploit
  • EPSS 0.41%
  • Published 18.02.2006 21:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the ...

4.3

CVE-2006-0639

Exploit
  • EPSS 0.41%
  • Published 10.02.2006 11:02:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonst...