CVE-2008-4928
- EPSS 1.41%
- Veröffentlicht 04.11.2008 21:00:05
- Zuletzt bearbeitet 16.06.2026 22:58:46
Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation....
CVE-2008-4929
- EPSS 2.24%
- Veröffentlicht 04.11.2008 21:00:05
- Zuletzt bearbeitet 16.06.2026 22:58:47
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
- EPSS 1.15%
- Veröffentlicht 04.11.2008 21:00:05
- Zuletzt bearbeitet 16.06.2026 22:58:47
MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, ...
CVE-2008-3965
- EPSS 1.26%
- Veröffentlicht 11.09.2008 01:13:47
- Zuletzt bearbeitet 16.06.2026 22:56:54
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.
CVE-2008-3966
- EPSS 1.27%
- Veröffentlicht 11.09.2008 01:13:47
- Zuletzt bearbeitet 16.06.2026 22:56:54
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/function...
CVE-2008-3967
- EPSS 1.38%
- Veröffentlicht 11.09.2008 01:13:47
- Zuletzt bearbeitet 16.06.2026 22:56:54
moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.
CVE-2008-3334
- EPSS 1.03%
- Veröffentlicht 27.07.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:37
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
CVE-2008-3069
- EPSS 1.02%
- Veröffentlicht 08.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:01
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
CVE-2008-3070
- EPSS 0.88%
- Veröffentlicht 08.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:01
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
CVE-2008-3071
- EPSS 1.28%
- Veröffentlicht 08.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:01
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.