Mybb

Mybb

140 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2008-4929

Exploit
  • EPSS 0.73%
  • Veröffentlicht 04.11.2008 21:00:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.

5

CVE-2008-4930

  • EPSS 0.27%
  • Veröffentlicht 04.11.2008 21:00:05
  • Zuletzt bearbeitet 09.04.2025 00:30:58

MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, ...

7.5

CVE-2008-3965

  • EPSS 0.71%
  • Veröffentlicht 11.09.2008 01:13:47
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.

4.3

CVE-2008-3966

Exploit
  • EPSS 0.48%
  • Veröffentlicht 11.09.2008 01:13:47
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/function...

7.5

CVE-2008-3967

  • EPSS 0.63%
  • Veröffentlicht 11.09.2008 01:13:47
  • Zuletzt bearbeitet 09.04.2025 00:30:58

moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.

4.3

CVE-2008-3334

  • EPSS 0.29%
  • Veröffentlicht 27.07.2008 23:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.

4.3

CVE-2008-3069

  • EPSS 0.25%
  • Veröffentlicht 08.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.

7.5

CVE-2008-3070

  • EPSS 0.23%
  • Veröffentlicht 08.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.

7.5

CVE-2008-3071

  • EPSS 0.18%
  • Veröffentlicht 08.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.

6.8

CVE-2008-0788

Exploit
  • EPSS 0.17%
  • Veröffentlicht 15.02.2008 01:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moder...