Vulnerabilities related to mybulletinboard - mybulletinboard
Vulnerability from fkie_nvd
Published
2006-03-19 02:02
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field." } ], "id": "CVE-2006-1272", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-297.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23935" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427746/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17097" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-297.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427746/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-21 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter." 
} ], "id": "CVE-2006-1974", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-21T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16443" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16443/exploit" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16443/exploit" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-27 10:05
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.00_rc1 | |
mybulletinboard | mybulletinboard | 1.00_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.00_rc3 | |
mybulletinboard | mybulletinboard | 1.0_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4_security_patch | |
mybulletinboard | mybulletinboard | 1.01 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "3FD20FC3-BAE3-4623-B64D-3AA7073C404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "525AD7D5-C94C-4BCD-8C03-B48E8BC91BB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en usercp.php en MyBB (MyBulletinBoard) v1.0 hasta v1.1.3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro showcodebuttons." 
} ], "id": "CVE-2006-3243", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-27T10:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=9955" }, { "source": "cve@mitre.org", "url": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20795" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1147" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438209" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2511" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=9955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1147" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-31 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=111757191118050&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/15552 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.mybboard.com/community/showthread.php?tid=2559 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111757191118050&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15552 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mybboard.com/community/showthread.php?tid=2559 | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "768677E9-73F0-4D30-9B23-C7E2AC75FBAD", "versionEndIncluding": "1.00_rc4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php." } ], "id": "CVE-2005-1832", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-31T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/15552" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/15552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username." } ], "evaluatorSolution": "Successful exploitation requires that unauthenticated users are allowed to post new threads (not the default setting).", "id": "CVE-2006-1717", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19516" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430464/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17427" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/430464/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25730" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-16 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.00_rc4_security_patch |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php." } ], "id": "CVE-2005-2580", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-08-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112387501519835\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112387501519835\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14553" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "java&#115;cript".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.00_rc1 | |
mybulletinboard | mybulletinboard | 1.00_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.00_rc3 | |
mybulletinboard | mybulletinboard | 1.0_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4_security_patch | |
mybulletinboard | mybulletinboard | 1.01 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 | |
mybulletinboard | mybulletinboard | 1.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "3FD20FC3-BAE3-4623-B64D-3AA7073C404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "525AD7D5-C94C-4BCD-8C03-B48E8BC91BB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using \"java\u0026#115;cript\"." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en inc/functions_post.php de MyBB (alias MyBulletinBoard) en versiones 1.0 RC2 hasta 1.1.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un URI javascript con una referencia de car\u00e1cter num\u00e9rico SGML en la etiqueta \"url\" de BBCode, como se ha demostrado utilizando \"javascript\"." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBulletinBoard, MyBulletinBoard, 1.1.5", "id": "CVE-2006-3761", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-07-21T14:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1257" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.osvdb.org/26808" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/438588/100/200/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/18702" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.osvdb.org/26808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438588/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/18702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-30 01:04
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.1.7
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en attachment.php en MyBulletinBoard (MyBB) 1.1.7 y posiblemente otras versiones permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante una imagen GIF que contiene Javascript codificado en formato URL, lo cual es renderizado por Internet Explorer." } ], "id": "CVE-2006-4449", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-08-30T01:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21645" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1469" }, { "source": "cve@mitre.org", "url": "http://www.mybboard.com/archive.php?nid=18" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19718" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mybboard.com/archive.php?nid=18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-10 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.0.3
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter." } ], "id": "CVE-2006-0638", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-10T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18754" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22957" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424335/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16538" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424335/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0475" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-12 00:02
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.1.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php." } ], "id": "CVE-2006-2333", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-12T00:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/885" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433231/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433231/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26545" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.0.1
mybulletinboard | mybulletinboard | 1.0_pr2
mybulletinboard | mybulletinboard | 1.00_rc1
mybulletinboard | mybulletinboard | 1.00_rc2
mybulletinboard | mybulletinboard | 1.00_rc3
mybulletinboard | mybulletinboard | 1.0_rc4
mybulletinboard | mybulletinboard | 1.00_rc4
mybulletinboard | mybulletinboard | 1.00_rc4_security_patch
mybulletinboard | mybulletinboard | rc1
mybulletinboard | mybulletinboard | rc2
mybulletinboard | mybulletinboard | rc3
mybulletinboard | mybulletinboard | rc4
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], 
"negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread." } ], "id": "CVE-2005-4603", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18281" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/310" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21601" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16096" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0012" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-14 20:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.
References
Impacted products
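Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | preview_release_2

Note: the record's only CPE match entry for this version carries `"vulnerable": false`, although the description names Preview Release 2 as affected, so tooling that matches only on vulnerable CPE entries may not flag it.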
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2BF5B5-6364-44D5-9CB0-4C9070B88CB2", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php." } ], "id": "CVE-2005-2888", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-14T20:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112611068702781\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/16738/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112611068702781\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/16738/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-19 11:06
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.0.1
mybulletinboard | mybulletinboard | 1.0.2
mybulletinboard | mybulletinboard | 1.0.3
mybulletinboard | mybulletinboard | 1.0.4
mybulletinboard | mybulletinboard | 1.0_final
mybulletinboard | mybulletinboard | 1.0_pr2
mybulletinboard | mybulletinboard | 1.10
mybulletinboard | mybulletinboard | rc1
mybulletinboard | mybulletinboard | rc2
mybulletinboard | mybulletinboard | rc3
mybulletinboard | mybulletinboard | rc4
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 
allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable." } ], "id": "CVE-2006-1281", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T11:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-296.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19213" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23935" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17097" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17492" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0971" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-296.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23935" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.1.4
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php." }, { "lang": "es", "value": "inc/init.php en el Modo Archivo (Ligero) o Archive Mode (Light) de MyBB (tambi\u00e9n conocido como MybulletinBoard) 1.1.4 llama a la funci\u00f3n extract con EXTR_OVERWRITE en las variables de HTTP POST y GET, lo cual permite a atacantes remotos sobrescribir variables de su elecci\u00f3n, como se ha demostrado mediante una inyecci\u00f3n SQL utilizando el par\u00e1metro _SERVER[HTTP_CLIENT_IP] en archive/index.php." 
} ], "id": "CVE-2006-3758", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-21T14:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "cve@mitre.org", "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "cve@mitre.org", "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26809" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26809" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
References
Impacted products
Vendor | Product | Version
---|---|---
mybulletinboard | mybulletinboard | 1.10
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue." }, { "lang": "es", "value": "Vulnerabilidad de XSS en inc/functions_post.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un evento JavaScript en una etiqueta BBCode img. NOTA: el vector de correo electr\u00f3nico ya esta cubierto par la CVE-2006-1625, aunque podr\u00eda provenir del mismo caso central." 
} ], "evaluatorSolution": "Successful exploitation requires that unauthenticated users are allowed to post new threads (not the default setting).", "id": "CVE-2006-1716", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://kapda.ir/advisory-305.html" }, { "source": "cve@mitre.org", "url": "http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19516" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24375" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/430344/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17413" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://kapda.ir/advisory-305.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.osvdb.org/24375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/430344/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-16 21:03
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.01 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "3FD20FC3-BAE3-4623-B64D-3AA7073C404A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php." 
} ], "id": "CVE-2006-0219", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-16T21:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35088#pid35088" }, { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35151#pid35151" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=5960" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16230" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35088#pid35088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35151#pid35151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=5960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24115" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
References
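Impacted products (note: every CPE entry in this record's JSON is marked "vulnerable": false, although the summary describes MyBB before 1.0.1 as affected; matching on the CPE data alone will likely not flag these versions)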
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.00_rc1 | |
mybulletinboard | mybulletinboard | 1.00_rc2 | |
mybulletinboard | mybulletinboard | 1.00_rc3 | |
mybulletinboard | mybulletinboard | 1.0_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4_security_patch | |
mybulletinboard | mybulletinboard | rc1 | |
mybulletinboard | mybulletinboard | rc2 | |
mybulletinboard | mybulletinboard | rc3 | |
mybulletinboard | mybulletinboard | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": false }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in 
inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment." } ], "id": "CVE-2005-4602", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18281" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/311" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22159" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/420573/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16097" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/420573/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vupen.com/english/advisories/2006/0012" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-24 20:19
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | * (up to and including 1.2.5) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "54DACB68-1143-4E91-845F-F51DE7A6713F", "versionEndIncluding": "1.2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en calendar.php en MyBB (aka MyBulletinBoard) 1.2.5 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro day en una acci\u00f3n dayview." } ], "id": "CVE-2007-2211", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-24T20:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24967" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23612" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1510" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/24967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3780" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-02 23:02
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected." } ], "id": "CVE-2006-0959", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-02T23:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19061" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/512" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23554" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426320/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426653/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/16631" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0774" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24953" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426320/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426653/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/0774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/1539" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-25 01:07
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 | |
mybulletinboard | mybulletinboard | 1.1.5 | |
mybulletinboard | mybulletinboard | 1.1.7 | |
mybulletinboard | mybulletinboard | 1.10 | |
mybulletinboard | mybulletinboard | 1.14 | |
mybulletinboard | mybulletinboard | 1.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "42490451-EA60-4C61-99FB-526EFA3CBA86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "956399FC-9377-478D-98E9-0024C61CA7E7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message." }, { "lang": "es", "value": "MyBB (tambi\u00e9n conocido c\u00f3mo MyBulletinBoard) permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de una respuesta directa para inc/plugins/hello.php, lo que revela la ruta en un mensaje de error." 
} ], "id": "CVE-2006-4971", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-25T01:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1628" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3666" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-25 02:03
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters." }, { "lang": "es", "value": "search.php en MyBB 1.0.2 permite a atacantes remotos obtener informaci\u00f3n sensible mediante una cierta petici\u00f3n de b\u00fasqueda que revela el prefijo de tabla en un mensaje de error SQL, posiblemente debido a par\u00e1metros no v\u00e1lidos.\u00ba" } ], "id": "CVE-2006-0406", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-25T02:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18577" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22736" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/422227/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/18577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22736" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/422227/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-15 01:00
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 6.5, AV:N/AC:L/Au:S/C:P/I:P/A:P)
Summary
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0 | |
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 | |
mybulletinboard | mybulletinboard | 1.1.5 | |
mybulletinboard | mybulletinboard | 1.1.6 | |
mybulletinboard | mybulletinboard | 1.1.7 | |
mybulletinboard | mybulletinboard | 1.1.8 | |
mybulletinboard | mybulletinboard | 1.2 | |
mybulletinboard | mybulletinboard | 1.2.3 | |
mybulletinboard | mybulletinboard | 1.2.5 | |
mybulletinboard | mybulletinboard | 1.2.10 | |
mybulletinboard | mybulletinboard | 1.2.11 | |
mybulletinboard | mybulletinboard | 1.10 | |
mybulletinboard | mybulletinboard | rc1 | |
mybulletinboard | mybulletinboard | rc2 | |
mybulletinboard | mybulletinboard | rc3 | |
mybulletinboard | mybulletinboard | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "858E3AD8-8A7C-4B33-A2AA-3C543D46E35C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7F962969-76AF-4CB2-BD20-A02D703B01C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "1DC39A88-9F34-4119-8404-8495735290DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A15A18B-E4DB-4622-977B-3AA495E2F39A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4494C452-BB14-4180-A26E-572752FA6111", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6FD3E97-2E37-4FE3-83A7-13E489BDFF0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A8C6BC25-C1BB-4640-9CC5-F10C0C119C63", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "04247BE7-8EF5-4A9C-AD27-F29611FA4A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": 
"BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de SQL en inc/datahandlers/pm.php en MyBB anterior a v1.2.12, permite a usuarios autentificados remotamente ejecutar comandos SQL de su eleccion a trav\u00e9s del par\u00e1metro \"options\"[disablesmilies] del private.php" } ], "id": "CVE-2008-0787", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-02-15T01:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=27675" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28572/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/27378" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019257" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0238" }, { "source": 
"cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.waraxe.us/advisory-64.html" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=27675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28572/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/27378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.waraxe.us/advisory-64.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5070" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-02 23:03
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | rc1 | |
mybulletinboard | mybulletinboard | rc2 | |
mybulletinboard | mybulletinboard | rc3 | |
mybulletinboard | mybulletinboard | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter." } ], "id": "CVE-2005-2778", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-02T23:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112535137320050\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112535137320050\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/14684" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-10 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E." } ], "id": "CVE-2006-0639", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-10T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424334/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424375/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424334/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424375/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-12 16:07
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en admin/global.php (tambi\u00e9n conocido como the Admin CP login form) en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.1.7 permite a un atacante remoto inyectar un secuencia de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de una consulta de cadena ($_SERVER[PHP_SELF])." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBB, MyBB, 1.1.8", "id": "CVE-2006-4707", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-12T16:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21697" }, { "source": 
"cve@mitre.org", "url": "http://securityreason.com/securityalert/1540" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=18" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1540" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3418" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-22 20:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by \"\u0026#106\u0026#97\u0026#118\u0026#97\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\"." 
} ], "id": "CVE-2006-0364", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-01-22T20:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18544" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/22628" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16308" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0255" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/22628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0255" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-18 21:02
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in \"advanced details\". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "id": "CVE-2006-0770", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-02-18T21:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18866" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/23264" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0635" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-01-31 11:03
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection." 
} ], "id": "CVE-2006-0470", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-01-31T11:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/attachment.php?aid=2181" }, { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18617" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/374" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22750" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16387" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0350" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/attachment.php?aid=2181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-07 00:05
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en editpost.php en MyBulletinBoard (MyBB) en versiones anteriores a 1.1.5 permiten a atacantes remotos realizar acciones sin autorizaci\u00f3n como un usuario validado y borrar correos internos del foro a trav\u00e9s de la etiqueta IMG con un par\u00e1metro \"borrar\" modificado en la acci\u00f3n \"borrar correo\".\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido \u00fanicamente de informaci\u00f3n de terceros." 
} ], "evaluatorSolution": "Upgrade to version 1.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.", "id": "CVE-2006-3420", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-07T00:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20659" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26807" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27682" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-01 21:04
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "3FD20FC3-BAE3-4623-B64D-3AA7073C404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "525AD7D5-C94C-4BCD-8C03-B48E8BC91BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mybulletinboard:mybulletinboard:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "42490451-EA60-4C61-99FB-526EFA3CBA86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "956399FC-9377-478D-98E9-0024C61CA7E7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en usercp.php en MyBB (aka MyBulletinBoard) 1.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro gallery." } ], "id": "CVE-2006-3953", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-01T21:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1319" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1319" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19193" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-22 20:00
Modified
2025-04-09 00:30
Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), NVD primary metric
Summary
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0 | |
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 | |
mybulletinboard | mybulletinboard | 1.1.5 | |
mybulletinboard | mybulletinboard | 1.1.7 | |
mybulletinboard | mybulletinboard | 1.1.8 | |
mybulletinboard | mybulletinboard | 1.2 | |
mybulletinboard | mybulletinboard | 1.2.3 | |
mybulletinboard | mybulletinboard | 1.2.5 | |
mybulletinboard | mybulletinboard | 1.2.10 | |
mybulletinboard | mybulletinboard | 1.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "858E3AD8-8A7C-4B33-A2AA-3C543D46E35C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "1DC39A88-9F34-4119-8404-8495735290DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A15A18B-E4DB-4622-977B-3AA495E2F39A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4494C452-BB14-4180-A26E-572752FA6111", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6FD3E97-2E37-4FE3-83A7-13E489BDFF0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A8C6BC25-C1BB-4640-9CC5-F10C0C119C63", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n eval en MyBB 1.2.10 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro sortby en las acciones (1) forumdisplay.php o (2)results en search.php." 
} ], "id": "CVE-2008-0382", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-22T20:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28509" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3559" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27322" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4927" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4928" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-31 04:00
Modified
2025-04-03 01:03
Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), NVD primary metric
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=111757191118050&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/15552 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.mybboard.com/community/showthread.php?tid=2559 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.osvdb.org/17024 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=111757191118050&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/15552 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mybboard.com/community/showthread.php?tid=2559 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/17024 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "768677E9-73F0-4D30-9B23-C7E2AC75FBAD", "versionEndIncluding": "1.00_rc4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php." } ], "id": "CVE-2005-1833", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-31T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/15552" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" }, { 
"source": "cve@mitre.org", "url": "http://www.osvdb.org/17024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/15552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/17024" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-12 16:07
Modified
2025-04-03 01:03
Severity
MEDIUM — CVSS v2.0 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), NVD primary metric
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en inc/functions_post.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.1.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de una URL con una etiqueta BBCode que contiene una URI javascript con una referencia al caracter num\u00e9rico SGML y un espacio embebido, como se demuestra usando \"java\u0026 #115;cript,\" una vulnerabilidad diferente que la CVE-2006-3761." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBB, MyBB, 1.1.8", "id": "CVE-2006-4706", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-12T16:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21697" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1541" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=18" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.mybboard.com/archive.php?nid=18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3418" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-11 10:19
Modified
2025-04-09 00:30
Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), NVD primary metric
Summary
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybb | mybb | * | |
mybulletinboard | mybulletinboard | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0EDA88C-D8F0-4914-8FC6-BB5C0D1E0D33", "versionEndIncluding": "1.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "890AE1FD-307D-41A4-AF91-397EDAFFCF10", "versionEndIncluding": "1.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n create_session en class_session.php de MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.2.3 y anteriores permite a atacantes remotos ejecutar comandos sql de su elecci\u00f3n mediante la cabecera HTTP Client-IP, como ha sido utilizado por index.php, un asunto relacionado con CVE-2006-3775." 
} ], "id": "CVE-2007-1963", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-11T10:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/attachment.php?aid=5842" }, { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=18002" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/34657" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24689" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1244" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/attachment.php?aid=5842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=18002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.vupen.com/english/advisories/2007/1244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3653" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-26 15:50
Modified
2025-04-03 01:03
Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), NVD primary metric
Summary
SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.00_rc1 | |
mybulletinboard | mybulletinboard | 1.00_rc2 | |
mybulletinboard | mybulletinboard | 1.00_rc3 | |
mybulletinboard | mybulletinboard | 1.00_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282." 
} ], "id": "CVE-2005-2697", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-08-26T15:50:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112448791006470\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13722/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112448791006470\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/13722/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14615" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-25 10:02
Modified
2025-04-03 01:03
Severity
MEDIUM — CVSS v2.0 base score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N), NVD primary metric
Summary
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code." } ], "id": "CVE-2006-2589", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-25T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/952" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/434728/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/434728/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-26 18:30
Modified
2025-04-09 00:30
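Severity
HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), NVD primary metric. The vector records Authentication: None, while the summary below says the attacker must be a remote authenticated user.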
Summary
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | * | |
mybulletinboard | mybulletinboard | 1.0 | |
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 | |
mybulletinboard | mybulletinboard | 1.1.5 | |
mybulletinboard | mybulletinboard | 1.1.6 | |
mybulletinboard | mybulletinboard | 1.1.7 | |
mybulletinboard | mybulletinboard | 1.1.8 | |
mybulletinboard | mybulletinboard | 1.2 | |
mybulletinboard | mybulletinboard | 1.2.3 | |
mybulletinboard | mybulletinboard | 1.2.5 | |
mybulletinboard | mybulletinboard | 1.2.10 | |
mybulletinboard | mybulletinboard | 1.2.11 | |
mybulletinboard | mybulletinboard | 1.4.2 | |
mybulletinboard | mybulletinboard | 1.4.3 | |
mybulletinboard | mybulletinboard | 1.4.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "8605C19E-93AA-4344-9F02-18D6042D3310", "versionEndIncluding": "1.4.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "858E3AD8-8A7C-4B33-A2AA-3C543D46E35C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7F962969-76AF-4CB2-BD20-A02D703B01C9", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "1DC39A88-9F34-4119-8404-8495735290DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A15A18B-E4DB-4622-977B-3AA495E2F39A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4494C452-BB14-4180-A26E-572752FA6111", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6FD3E97-2E37-4FE3-83A7-13E489BDFF0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A8C6BC25-C1BB-4640-9CC5-F10C0C119C63", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "04247BE7-8EF5-4A9C-AD27-F29611FA4A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9593588E-1FCC-42E0-9E8D-0A96386C3126", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "66A6AF1A-7099-4987-AB45-DA363F29327C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "29F3FD0D-25AB-4D1B-871C-2545FD13EA76", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en inc/datahandlers/user.php en MyBB (alias MyBulletinBoard) antes de v1.4.7 permite a atacantes remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro birthdayprivacy ." } ], "id": "CVE-2009-2230", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-26T18:30:00.953", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://mybboard.net/download/104" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35517" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9001" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/35458" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mybboard.net/download/104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "http://secunia.com/advisories/35517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/35458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1653" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-12 20:06
Modified
2025-04-03 01:03
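Severity: MEDIUM (CVSS v2.0 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary metric from the record below)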
Summary
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBB, MyBB, 1.1.3", "id": "CVE-2006-2949", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-12T20:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20492" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/436286/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18297" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2190" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/436286/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-01 02:02
Modified
2025-04-03 01:03
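Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:L/AC:L/Au:S/C:P/I:P/A:P; NVD primary metric from the record below)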
Summary
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter." } ], "id": "CVE-2006-0494", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-01T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423465/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423465/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24461" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-23 01:03
Modified
2025-04-03 01:03
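Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric from the record below)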
Summary
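Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors. Note: the record's single CPE entry, preview_release_2_rev_686, carries "vulnerable": false, so the version listed under Impacted products is the boundary release named in the description rather than an affected one.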
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | preview_release_2_rev_686 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2_rev_686:*:*:*:*:*:*:*", "matchCriteriaId": "38BB76EE-D834-4CD1-BCB8-4820A72EB0EE", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors." } ], "id": "CVE-2005-3778", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-23T01:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17577/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17577/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-01 02:02
Modified
2025-04-03 01:03
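Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric from the record below)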
Summary
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)." } ], "id": "CVE-2006-0495", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-01T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16419" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-29 10:02
Modified
2025-04-03 01:03
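Severity: LOW (CVSS v2.0 base score 2.1, AV:N/AC:H/Au:S/C:N/I:P/A:N; NVD primary metric from the record below)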
Summary
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php." } ], "evaluatorSolution": "Successful exploitation requires access to the admin section.", "id": "CVE-2006-2103", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-29T10:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19865" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/808" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25074" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25075" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432229/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2006/1566" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/432229/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/1566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26103" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-06-01 04:00
Modified
2025-04-03 01:03
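Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric from the record below)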
Summary
Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile." } ], "id": "CVE-2005-1811", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-06-01T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/lists/bugtraq/2005/May/0338.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://secunia.com/advisories/15552" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014081" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/bugtraq/2005/May/0338.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://secunia.com/advisories/15552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/13819" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-23 01:03
Modified
2025-04-03 01:03
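Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric from the record below)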
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | preview_release_2_rev_686 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2_rev_686:*:*:*:*:*:*:*", "matchCriteriaId": "38BB76EE-D834-4CD1-BCB8-4820A72EB0EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system." } ], "id": "CVE-2005-3776", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-23T01:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17577/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17577/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
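Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary metric from the record below)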
Summary
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter." } ], "id": "CVE-2005-0282", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110486566600980\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/12161" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110486566600980\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/12161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-23 01:03
Modified
2025-04-03 01:03
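Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N; NVD primary metric from the record below)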
Summary
MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | preview_release_2_rev_686 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2_rev_686:*:*:*:*:*:*:*", "matchCriteriaId": "38BB76EE-D834-4CD1-BCB8-4820A72EB0EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form." } ], "id": "CVE-2005-3777", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-23T01:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17577/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17577/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/175" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-13 11:03
Modified
2025-04-03 01:03
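Severity: HIGH (CVSS v2.0 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C; NVD primary metric from the record below)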
Summary
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.00_rc1 | |
mybulletinboard | mybulletinboard | 1.00_rc2 | |
mybulletinboard | mybulletinboard | 1.00_rc3 | |
mybulletinboard | mybulletinboard | 1.0_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4 | |
mybulletinboard | mybulletinboard | 1.00_rc4_security_patch | |
mybulletinboard | mybulletinboard | preview_release_2 | |
mybulletinboard | mybulletinboard | preview_release_2_rev_686 | |
mybulletinboard | mybulletinboard | rc1 | |
mybulletinboard | mybulletinboard | rc2 | |
mybulletinboard | mybulletinboard | rc3 | |
mybulletinboard | mybulletinboard | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "6D2BF5B5-6364-44D5-9CB0-4C9070B88CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:preview_release_2_rev_686:*:*:*:*:*:*:*", "matchCriteriaId": "38BB76EE-D834-4CD1-BCB8-4820A72EB0EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": 
"EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199." } ], "id": "CVE-2005-4200", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-13T11:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=5184\u0026pid=30964#pid30964" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18000" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15793" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=5184\u0026pid=30964#pid30964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18000" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2842" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter." } ], "id": "CVE-2005-3326", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-10-27T10:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20700" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/414672" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20700" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/414672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/15204" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-25 01:07
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.1 | |
mybulletinboard | mybulletinboard | 1.1.1 | |
mybulletinboard | mybulletinboard | 1.1.2 | |
mybulletinboard | mybulletinboard | 1.1.3 | |
mybulletinboard | mybulletinboard | 1.1.4 | |
mybulletinboard | mybulletinboard | 1.1.5 | |
mybulletinboard | mybulletinboard | 1.1.7 | |
mybulletinboard | mybulletinboard | 1.10 | |
mybulletinboard | mybulletinboard | 1.14 | |
mybulletinboard | mybulletinboard | 1.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "42490451-EA60-4C61-99FB-526EFA3CBA86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "956399FC-9377-478D-98E9-0024C61CA7E7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en archive/index.php/forum-4.html en MyBB (tambi\u00e9n conocido c\u00f3mo MyBulletinBoard) permite a un atacante remoto inyectar una secuencia de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro navbits[][name]." 
} ], "evaluatorSolution": "Successful exploitation requires that \"register_globals\" is enabled.", "id": "CVE-2006-4972", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-25T01:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21972" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1628" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3666" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-05 10:04
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event." }, { "lang": "es", "value": "Vulnerabilidad de XSS en inc/functions_post.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un evento JavaScript en una etiqueta de correo electr\u00f3nico BBCode, como se demuestra usando el evento onmousemove." } ], "id": "CVE-2006-1625", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-05T10:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19516" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24375" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/429748/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17368" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2006/1216" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/429748/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-19 11:06
Modified
2025-04-03 01:03
Severity ?
Summary
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0.3 | |
mybulletinboard | mybulletinboard | 1.0.4 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | rc1 | |
mybulletinboard | mybulletinboard | rc2 | |
mybulletinboard | mybulletinboard | rc3 | |
mybulletinboard | mybulletinboard | rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*", "matchCriteriaId": "794B59C3-0318-49F5-A409-E258E4D322C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*", "matchCriteriaId": "14F3D49D-C89A-44FB-B254-4F8BAA20BFF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EDCAC700-1448-4BD4-97F4-8CC06F518524", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BCE181AB-C597-48A3-A5DA-135E601968AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly 
when redirecting to other web pages." } ], "id": "CVE-2006-1282", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-19T11:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-295.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427747/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17097" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://kapda.ir/advisory-295.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/427747/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/17097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-20 18:06
Modified
2025-04-03 01:03
Severity ?
Summary
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks." } ], "evaluatorSolution": "Upgrade to MyBB 1.1.1", "id": "CVE-2006-1912", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-20T18:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "source": "cve@mitre.org", "url": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19668" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24710" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24711" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.vupen.com/english/advisories/2006/1381" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-11 10:19
Modified
2025-04-09 00:30
Severity ?
Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybb | mybb | 1.2.5 | |
mybulletinboard | mybulletinboard | 1.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybb:mybb:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "98AFD77B-A046-4AB9-B6F4-FFFF66C63C68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6FD3E97-2E37-4FE3-83A7-13E489BDFF0C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output." }, { "lang": "es", "value": "member.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard), cuando el modo de depuraci\u00f3n est\u00e1 disponible, permite a atacantes remotos autenticados cambiar la contrase\u00f1a de cualquier cuenta dando la direcci\u00f3n de correo electr\u00f3nico de cuentas registradas en una petici\u00f3n de depuraci\u00f3n para la acci\u00f3n do_lostpw, lo cual imprime el c\u00f3digo de verificaci\u00f3n de cambio de la contrase\u00f1a en la salida de depuraci\u00f3n." 
} ], "id": "CVE-2007-1964", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-04-11T10:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2544" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4 has unspecified impact and attack vectors related to "user group manipulation."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to \"user group manipulation.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.1.4, tiene impacto y vectores de ataque desconocidos relacionados con \"manipulaci\u00f3n de grupos de usuarios\"." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBB, MyBB, 1.1.5", "id": "CVE-2006-3759", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-21T14:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26810" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-02 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.0.1 | |
mybulletinboard | mybulletinboard | 1.0.2 | |
mybulletinboard | mybulletinboard | 1.0_final | |
mybulletinboard | mybulletinboard | 1.0_pr2 | |
mybulletinboard | mybulletinboard | 1.0_preview_release_2 | |
mybulletinboard | mybulletinboard | 1.0_rc2 | |
mybulletinboard | mybulletinboard | 1.0_rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable." 
} ], "id": "CVE-2006-0523", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-02T11:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18678" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22903" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0400" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-05-12 00:02
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter." } ], "id": "CVE-2006-2336", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-05-12T00:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/884" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/25674" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433564/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17904" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/25674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/433564/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securityfocus.com/bid/17904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26376" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-20 18:06
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBB, MyBB, 1.1.1", "id": "CVE-2006-1911", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-20T18:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19668" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" 
], "url": "http://secunia.com/advisories/19668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25864" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-07 22:06
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "525AD7D5-C94C-4BCD-8C03-B48E8BC91BB0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter." } ], "id": "CVE-2006-1065", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-07T22:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19061" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426631/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426631/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-22 01:02
Modified
2025-04-03 01:03
Severity ?
Summary
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an \"option[]=null\" parameter value, which reveals the path in an error message." } ], "id": "CVE-2006-1345", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-22T01:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/428056/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/428056/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25337" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-21 14:03
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.1.4 permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nMyBB, MyBB, 1.1.4", "id": "CVE-2006-3760", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-21T14:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26811" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-24 12:19
Modified
2025-04-03 01:03
Severity ?
Summary
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n init en class_session.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.1.5 permit a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de la cabecera CLIENT-IP HTTP ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), tal y como se utiliza en index.php." } ], "id": "CVE-2006-3775", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-24T12:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/mybb_115_sql.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21070" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1262" }, { "source": "cve@mitre.org", 
"url": "http://www.mybboard.com/archive.php?nid=16" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2811" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://retrogod.altervista.org/mybb_115_sql.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mybboard.com/archive.php?nid=16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-01 21:04
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "98789943-2C7D-404E-B61E-04C436C1681C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "678B50B3-D151-40ED-8CAA-C12FC5BA4520", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "8F2F2E0F-94E6-4D63-903F-0090E9D90BCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "0CC63F97-643C-43B9-83E5-E43928CB1CFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "43876FE9-F002-4524-B6C2-5DE4992E0A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "BE10B8B4-167D-430D-9C7D-6CF934F17D68", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.00_rc4_security_patch:*:*:*:*:*:*:*", "matchCriteriaId": "488811F6-7CC9-4F56-AD7C-81247B351851", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "3FD20FC3-BAE3-4623-B64D-3AA7073C404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "64E11CB6-E5E5-42CF-A2A4-B1DD3ABADBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1079E0F-7B89-45A9-83AD-F72470A63B07", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4409B6-9F4D-4136-BA74-43736215A122", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D70B64CF-6EF1-487A-9617-68F904ACE727", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "94EC0E67-111A-4989-A311-6B051D37CEE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D6942A9C-55E6-4A87-903F-3C8314EA4EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "525AD7D5-C94C-4BCD-8C03-B48E8BC91BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0846A9BC-9FFC-4C93-911D-431688A6FB58", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mybulletinboard:mybulletinboard:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "42490451-EA60-4C61-99FB-526EFA3CBA86", "vulnerable": true }, { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "956399FC-9377-478D-98E9-0024C61CA7E7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en usercp.php en MyBB (tambi\u00e9n conocido como MyBulletinBoard) 1.x permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de la secuencia ..(punto punto) en el par\u00e1metro gallery en un acci\u00f3n (1) avatar o (2) do_avatar." } ], "id": "CVE-2006-3954", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-01T21:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1319" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/1319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/19195" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-13 01:02
Modified
2025-04-03 01:03
Severity ?
Summary
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mybulletinboard | mybulletinboard | 1.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "59C3A929-B608-42FC-BB31-7599146E8CB6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier." } ], "id": "CVE-2006-2908", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-13T01:02:00.000", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20371" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2006-40/advisory/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/1086" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securitytracker.com/id?1016270" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.514.es/download/mybibi.pl" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.osvdb.org/26216" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": 
"http://www.securityfocus.com/archive/1/436767/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/437509/100/100/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/18396" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2006/2288" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2006-40/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.514.es/download/mybibi.pl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/436767/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/437509/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27046" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
CVE-2005-2778 (GCVE-0-2005-2778)
Vulnerability from cvelistv5
Published
2005-09-02 04:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:02.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14684" }, { "name": "20050828 Member.php SQL Injection in MyBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112535137320050\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-28T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14684" }, { "name": "20050828 Member.php SQL Injection in MyBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112535137320050\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to 
execute arbitrary SQL statements via the fid parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14684" }, { "name": "20050828 Member.php SQL Injection in MyBB", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112535137320050\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2778", "datePublished": "2005-09-02T04:00:00", "dateReserved": "2005-09-02T00:00:00", "dateUpdated": "2024-08-07T22:45:02.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1912 (GCVE-0-2006-1912)
Vulnerability from cvelistv5
Published
2006-04-20 18:00
Modified
2024-08-07 17:27
CWE
- n/a
Summary
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:29.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-global-init-data-manipulation(25865)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" }, { "name": "24710", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24710" }, { "name": "19668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19668" }, { "name": "ADV-2006-1381", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "name": "20060415 [KAPDA]MyBB1.1.0~global.php~ParameterExtracting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" }, { "name": "24711", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24711" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-global-init-data-manipulation(25865)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" }, { "name": "24710", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24710" }, { "name": "19668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19668" }, { "name": "ADV-2006-1381", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "name": "20060415 [KAPDA]MyBB1.1.0~global.php~ParameterExtracting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" }, { "name": "24711", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24711" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could 
then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-global-init-data-manipulation(25865)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25865" }, { "name": "24710", "refsource": "OSVDB", "url": "http://www.osvdb.org/24710" }, { "name": "19668", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19668" }, { "name": "ADV-2006-1381", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "name": "http://community.mybboard.net/showthread.php?tid=8232", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=8232" }, { "name": "20060415 [KAPDA]MyBB1.1.0~global.php~ParameterExtracting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431061/30/5580/threaded" }, { "name": "24711", "refsource": "OSVDB", "url": "http://www.osvdb.org/24711" }, { "name": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-04-14/mybb110globalphpparameterextracting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1912", "datePublished": "2006-04-20T18:00:00", "dateReserved": "2006-04-20T00:00:00", "dateUpdated": "2024-08-07T17:27:29.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4971 (GCVE-0-2006-4971)
Vulnerability from cvelistv5
Published
2006-09-25 01:00
Modified
2024-08-07 19:32
CWE
- n/a
Summary
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:32:22.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3666", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "name": "1628", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1628" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3666", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "name": "1628", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1628" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4971", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3666", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "name": "1628", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1628" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4971", "datePublished": "2006-09-25T01:00:00", "dateReserved": "2006-09-24T00:00:00", "dateUpdated": "2024-08-07T19:32:22.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1272 (GCVE-0-2006-1272)
Vulnerability from cvelistv5
Published
2006-03-19 02:00
Modified
2024-08-07 17:03
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23935", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23935" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kapda.ir/advisory-297.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "17097", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17097" }, { "name": "20060314 [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427746/100/0/threaded" }, { "name": "mybb-member-xss(25263)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23935", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23935" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kapda.ir/advisory-297.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "17097", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17097" }, { "name": "20060314 [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427746/100/0/threaded" }, { "name": "mybb-member-xss(25263)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1272", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23935", "refsource": "OSVDB", "url": "http://www.osvdb.org/23935" }, { "name": "http://kapda.ir/advisory-297.html", "refsource": "MISC", "url": "http://kapda.ir/advisory-297.html" }, { "name": "http://community.mybboard.net/showthread.php?tid=7368", "refsource": "MISC", "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "17097", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17097" }, { "name": "20060314 [[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427746/100/0/threaded" }, { "name": "mybb-member-xss(25263)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25263" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1272", "datePublished": "2006-03-19T02:00:00", "dateReserved": "2006-03-18T00:00:00", "dateUpdated": "2024-08-07T17:03:28.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0959 (GCVE-0-2006-0959)
Vulnerability from cvelistv5
Published
2006-03-02 23:00
Modified
2024-08-07 16:56
CWE
- n/a
Summary
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0774", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0774" }, { "name": "16631", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16631" }, { "name": "20060228 MyBB 1.3 NewSQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426320/100/0/threaded" }, { "name": "20060303 MyBB 1.04 Perl Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426653/100/0/threaded" }, { "name": "512", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/512" }, { "name": "1539", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/1539" }, { "name": "19061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19061" }, { "name": "23554", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23554" }, { "name": "mybb-misc-sql-injection(24953)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24953" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma 
variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0774", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0774" }, { "name": "16631", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16631" }, { "name": "20060228 MyBB 1.3 NewSQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426320/100/0/threaded" }, { "name": "20060303 MyBB 1.04 Perl Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426653/100/0/threaded" }, { "name": "512", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/512" }, { "name": "1539", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/1539" }, { "name": "19061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19061" }, { "name": "23554", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23554" }, { "name": "mybb-misc-sql-injection(24953)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24953" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0959", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0774", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0774" }, { "name": "16631", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16631" }, { "name": "20060228 MyBB 1.3 NewSQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426320/100/0/threaded" }, { "name": "20060303 MyBB 1.04 Perl Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426653/100/0/threaded" }, { "name": "512", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/512" }, { "name": "1539", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1539" }, { "name": "19061", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19061" }, { "name": "23554", "refsource": "OSVDB", "url": "http://www.osvdb.org/23554" }, { "name": "mybb-misc-sql-injection(24953)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24953" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0959", "datePublished": "2006-03-02T23:00:00", "dateReserved": "2006-03-02T00:00:00", "dateUpdated": "2024-08-07T16:56:15.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4603 (GCVE-0-2005-4603)
Vulnerability from cvelistv5
Published
2006-01-02 00:00
Modified
2024-08-07 23:53
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:53:28.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0012", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "name": "20051231 MyBB XSS cross-site scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded" }, { "name": "18281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18281" }, { "name": "310", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/310" }, { "name": "21601", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21601" }, { "name": "16096", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0012", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "name": "20051231 MyBB XSS cross-site scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded" }, { "name": "18281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18281" }, { "name": "310", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/310" }, { "name": "21601", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21601" }, { "name": "16096", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0012", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "name": "20051231 MyBB XSS cross-site scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded" }, { "name": "18281", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18281" }, { "name": "310", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/310" }, { "name": "21601", "refsource": "OSVDB", "url": "http://www.osvdb.org/21601" }, { "name": "16096", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16096" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4603", "datePublished": "2006-01-02T00:00:00", "dateReserved": "2006-01-01T00:00:00", "dateUpdated": "2024-08-07T23:53:28.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0523 (GCVE-0-2006-0523)
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 16:41
CWE
- n/a
Summary
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-global-sql-injection(24416)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416" }, { "name": "22903", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22903" }, { "name": "ADV-2006-0400", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0400" }, { "name": "18678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18678" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=6418" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-global-sql-injection(24416)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416" }, { "name": "22903", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22903" }, { "name": "ADV-2006-0400", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0400" }, { "name": "18678", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18678" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=6418" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0523", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-global-sql-injection(24416)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24416" }, { "name": "22903", "refsource": "OSVDB", "url": "http://www.osvdb.org/22903" }, { "name": "ADV-2006-0400", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0400" }, { "name": "18678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18678" }, { "name": "http://community.mybboard.net/showthread.php?tid=6418", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=6418" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0523", "datePublished": "2006-02-02T11:00:00", "dateReserved": "2006-02-02T00:00:00", "dateUpdated": "2024-08-07T16:41:28.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0382 (GCVE-0-2008-0382)
Vulnerability from cvelistv5
Published
2008-01-22 19:00
Modified
2024-08-07 07:46
CWE
- n/a
Summary
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:46:55.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4928" }, { "name": "28509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28509" }, { "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded" }, { "name": "27322", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27322" }, { "name": "4927", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/4927" }, { "name": "3559", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3559" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4928" }, { "name": "28509", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28509" }, { "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded" }, { "name": "27322", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27322" }, { "name": "4927", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/4927" }, { "name": "3559", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3559" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4928", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4928" }, { "name": "28509", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28509" }, { "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded" }, { "name": "27322", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27322" }, { "name": "4927", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4927" }, { "name": "3559", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3559" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0382", "datePublished": "2008-01-22T19:00:00", "dateReserved": "2008-01-22T00:00:00", "dateUpdated": "2024-08-07T07:46:55.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4602 (GCVE-0-2005-4602)
Vulnerability from cvelistv5
Published
2006-01-02 00:00
Modified
2024-08-07 23:53
CWE
- n/a
Summary
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:53:28.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0012", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "name": "20051231 MyBB 1.0 SQL injection in uploading file", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/420573/100/0/threaded" }, { "name": "22159", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22159" }, { "name": "311", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/311" }, { "name": "18281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18281" }, { "name": "16097", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16097" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-31T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0012", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "name": "20051231 MyBB 1.0 SQL injection in uploading file", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/420573/100/0/threaded" }, { "name": "22159", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22159" }, { "name": "311", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/311" }, { "name": "18281", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18281" }, { "name": "16097", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16097" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0012", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0012" }, { "name": "20051231 MyBB 1.0 SQL injection in uploading file", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/420573/100/0/threaded" }, { "name": "22159", "refsource": "OSVDB", "url": "http://www.osvdb.org/22159" }, { "name": "311", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/311" }, { "name": "18281", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18281" }, { "name": "16097", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16097" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4602", "datePublished": "2006-01-02T00:00:00", "dateReserved": "2006-01-01T00:00:00", "dateUpdated": "2024-08-07T23:53:28.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0770 (GCVE-0-2006-0770)
Vulnerability from cvelistv5
Published
2006-02-18 21:00
Modified
2024-08-07 16:48
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:55.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18866" }, { "name": "mybb-advanceddetails-xss(24748)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748" }, { "name": "ADV-2006-0635", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0635" }, { "name": "23264", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23264" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in \"advanced details\". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18866", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18866" }, { "name": "mybb-advanceddetails-xss(24748)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748" }, { "name": "ADV-2006-0635", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0635" }, { "name": "23264", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23264" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in \"advanced details\". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18866", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18866" }, { "name": "mybb-advanceddetails-xss(24748)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24748" }, { "name": "ADV-2006-0635", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0635" }, { "name": "23264", "refsource": "OSVDB", "url": "http://www.osvdb.org/23264" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0770", "datePublished": "2006-02-18T21:00:00", "dateReserved": "2006-02-18T00:00:00", "dateUpdated": "2024-08-07T16:48:55.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2908 (GCVE-0-2006-2908)
Vulnerability from cvelistv5
Published
2006-06-13 01:00
Modified
2024-08-07 18:06
CWE
- n/a
Summary
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1086", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1086" }, { "name": "1016270", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016270" }, { "name": "20060612 Secunia Research: MyBB \"domecode()\" PHP Code ExecutionVulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/436767/100/0/threaded" }, { "name": "18396", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18396" }, { "name": "20371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20371" }, { "name": "ADV-2006-2288", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2288" }, { "name": "26216", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26216" }, { "name": "20060613 Proof of concept: mybb 1.1.2 remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/437509/100/100/threaded" }, { "name": "mybb-domecode-code-execution(27046)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27046" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2006-40/advisory/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.514.es/download/mybibi.pl" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2006-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "1086", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1086" }, { "name": "1016270", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016270" }, { "name": "20060612 Secunia Research: MyBB \"domecode()\" PHP Code ExecutionVulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/436767/100/0/threaded" }, { "name": "18396", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18396" }, { "name": "20371", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20371" }, { "name": "ADV-2006-2288", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2288" }, { "name": "26216", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26216" }, { "name": "20060613 Proof of concept: mybb 1.1.2 remote code execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/437509/100/100/threaded" }, { "name": "mybb-domecode-code-execution(27046)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27046" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://secunia.com/secunia_research/2006-40/advisory/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.514.es/download/mybibi.pl" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2006-2908", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1086", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1086" }, { "name": "1016270", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016270" }, { "name": "20060612 Secunia Research: MyBB \"domecode()\" PHP Code ExecutionVulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436767/100/0/threaded" }, { "name": "18396", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18396" }, { "name": "20371", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20371" }, { "name": "ADV-2006-2288", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2288" }, { "name": "26216", "refsource": "OSVDB", "url": "http://www.osvdb.org/26216" }, { "name": "20060613 Proof of concept: mybb 1.1.2 remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/437509/100/100/threaded" }, { "name": "mybb-domecode-code-execution(27046)", 
"refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27046" }, { "name": "http://secunia.com/secunia_research/2006-40/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-40/advisory/" }, { "name": "http://www.514.es/download/mybibi.pl", "refsource": "MISC", "url": "http://www.514.es/download/mybibi.pl" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2006-2908", "datePublished": "2006-06-13T01:00:00", "dateReserved": "2006-06-08T00:00:00", "dateUpdated": "2024-08-07T18:06:27.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1963 (GCVE-0-2007-1963)
Vulnerability from cvelistv5
Published
2007-04-11 10:00
Modified
2024-08-07 13:13
CWE
- n/a
Summary
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:42.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=18002" }, { "name": "24689", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24689" }, { "name": "ADV-2007-1244", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1244" }, { "name": "3653", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3653" }, { "name": "34657", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34657" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/attachment.php?aid=5842" }, { "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=18002" }, { "name": "24689", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24689" }, { "name": "ADV-2007-1244", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1244" }, { "name": "3653", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3653" }, { "name": "34657", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34657" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/attachment.php?aid=5842" }, { "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1963", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://community.mybboard.net/showthread.php?tid=18002", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=18002" }, { "name": "24689", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24689" }, { "name": "ADV-2007-1244", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1244" }, { "name": "3653", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3653" }, { "name": "34657", "refsource": "OSVDB", "url": "http://osvdb.org/34657" }, { "name": "http://community.mybboard.net/attachment.php?aid=5842", "refsource": "CONFIRM", "url": "http://community.mybboard.net/attachment.php?aid=5842" }, { "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1963", "datePublished": "2007-04-11T10:00:00", "dateReserved": "2007-04-10T00:00:00", "dateUpdated": "2024-08-07T13:13:42.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3420 (GCVE-0-2006-3420)
Vulnerability from cvelistv5
Published
2006-07-07 00:00
Modified
2024-08-07 18:30
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:32.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-editpost-xsrf(27682)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27682" }, { "name": "20659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20659" }, { "name": "26807", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26807" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-editpost-xsrf(27682)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27682" }, { "name": "20659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20659" }, { "name": "26807", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26807" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-editpost-xsrf(27682)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27682" }, { "name": "20659", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20659" }, { "name": "26807", "refsource": "OSVDB", "url": "http://www.osvdb.org/26807" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3420", "datePublished": "2006-07-07T00:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2024-08-07T18:30:32.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0219 (GCVE-0-2006-0219)
Vulnerability from cvelistv5
Published
2006-01-16 21:00
Modified
2024-08-07 16:25
CWE
- n/a
Summary
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:25:33.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=5960" }, { "name": "16230", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16230" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35151#pid35151" }, { "name": "mybb-usercp-script-sql-injection(24115)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24115" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35088#pid35088" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=5960" }, { "name": "16230", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16230" }, { "tags": [ "x_refsource_MISC" ], "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35151#pid35151" }, { "name": "mybb-usercp-script-sql-injection(24115)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24115" }, { "tags": [ "x_refsource_MISC" ], "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35088#pid35088" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://community.mybboard.net/showthread.php?tid=5960", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=5960" }, { "name": "16230", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16230" }, { "name": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35151#pid35151", "refsource": "MISC", "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35151#pid35151" }, { "name": "mybb-usercp-script-sql-injection(24115)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24115" }, { "name": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35088#pid35088", "refsource": "MISC", "url": "http://community.mybboard.net/showthread.php?tid=5853\u0026pid=35088#pid35088" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0219", "datePublished": "2006-01-16T21:00:00", "dateReserved": "2006-01-16T00:00:00", "dateUpdated": "2024-08-07T16:25:33.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3326 (GCVE-0-2005-3326)
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:10:07.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20051026 SQL-Injection in MyBulletinBoard allows attacker to become a board admin.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/414672" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "name": "20700", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20700" }, { "name": "15204", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15204" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-10-26T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20051026 SQL-Injection in MyBulletinBoard allows attacker to become a board admin.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/414672" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "name": "20700", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20700" }, { "name": "15204", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15204" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20051026 SQL-Injection in MyBulletinBoard allows attacker to become a board admin.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/414672" }, { "name": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" }, { "name": "20700", "refsource": "OSVDB", "url": "http://www.osvdb.org/20700" }, { "name": "15204", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15204" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3326", "datePublished": "2005-10-27T04:00:00", "dateReserved": "2005-10-27T00:00:00", "dateUpdated": "2024-08-07T23:10:07.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0364 (GCVE-0-2006-0364)
Vulnerability from cvelistv5
Published
2006-01-22 20:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0255", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0255" }, { "name": "mybb-html-signature-xss(24225)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" }, { "name": "16308", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16308" }, { "name": "20060118 MyBB Signature HTML Code Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" }, { "name": "22628", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22628" }, { "name": "18544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18544" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by \"\u0026#106\u0026#97\u0026#118\u0026#97\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0255", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0255" }, { "name": "mybb-html-signature-xss(24225)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" }, { "name": "16308", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16308" }, { "name": "20060118 MyBB Signature HTML Code Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" }, { "name": "22628", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22628" }, { "name": "18544", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18544" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0364", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by \"\u0026#106\u0026#97\u0026#118\u0026#97\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0255", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0255" }, { "name": "mybb-html-signature-xss(24225)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24225" }, { "name": "16308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16308" }, { "name": "20060118 MyBB Signature HTML Code Injection", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.html" }, { "name": "22628", "refsource": "OSVDB", "url": "http://www.osvdb.org/22628" }, { "name": "18544", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18544" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0364", "datePublished": "2006-01-22T20:00:00", "dateReserved": "2006-01-22T00:00:00", "dateUpdated": "2024-08-07T16:34:14.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3775 (GCVE-0-2006-3775)
Vulnerability from cvelistv5
Published
2006-07-21 18:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21070" }, { "name": "mybb-clientip-sql-injection(27752)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752" }, { "name": "ADV-2006-2811", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2811" }, { "name": "1262", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1262" }, { "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://retrogod.altervista.org/mybb_115_sql.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21070", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21070" }, { "name": "mybb-clientip-sql-injection(27752)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752" }, { "name": "ADV-2006-2811", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2811" }, { "name": "1262", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1262" }, { "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://retrogod.altervista.org/mybb_115_sql.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=16" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21070" }, { "name": "mybb-clientip-sql-injection(27752)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752" }, { "name": "ADV-2006-2811", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2811" }, { "name": "1262", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1262" }, { "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded" }, { "name": "http://retrogod.altervista.org/mybb_115_sql.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/mybb_115_sql.html" }, { "name": "http://www.mybboard.com/archive.php?nid=16", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=16" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3775", "datePublished": "2006-07-21T18:00:00", "dateReserved": "2006-07-21T00:00:00", "dateUpdated": "2024-08-07T18:39:54.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0470 (GCVE-0-2006-0470)
Vulnerability from cvelistv5
Published
2006-01-31 11:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/attachment.php?aid=2181" }, { "name": "mybb-search-xss(24466)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "name": "20060125 MyBB 1.0.2 XSS attack in search.php redirection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html" }, { "name": "16387", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16387" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "name": "ADV-2006-0350", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0350" }, { "name": "18617", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18617" }, { "name": "374", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/374" }, { "name": "22750", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22750" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/attachment.php?aid=2181" }, { "name": "mybb-search-xss(24466)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "name": "20060125 MyBB 1.0.2 XSS attack in search.php redirection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html" }, { "name": "16387", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16387" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "name": "ADV-2006-0350", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0350" }, { "name": "18617", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18617" }, { "name": "374", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/374" }, { "name": "22750", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22750" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or 
HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://community.mybboard.net/attachment.php?aid=2181", "refsource": "CONFIRM", "url": "http://community.mybboard.net/attachment.php?aid=2181" }, { "name": "mybb-search-xss(24466)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "name": "20060125 MyBB 1.0.2 XSS attack in search.php redirection", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html" }, { "name": "16387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16387" }, { "name": "http://community.mybboard.net/showthread.php?tid=6418", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=6418" }, { "name": "ADV-2006-0350", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0350" }, { "name": "18617", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18617" }, { "name": "374", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/374" }, { "name": "22750", "refsource": "OSVDB", "url": "http://www.osvdb.org/22750" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0470", "datePublished": "2006-01-31T11:00:00", "dateReserved": "2006-01-31T00:00:00", "dateUpdated": "2024-08-07T16:34:14.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2580 (GCVE-0-2005-2580)
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-07 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:30:01.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14553", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14553" }, { "name": "20050812 My Bulletin Board RC 4 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112387501519835\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14553", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14553" }, { "name": "20050812 My Bulletin Board RC 4 Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112387501519835\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2580", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14553", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14553" }, { "name": "20050812 My Bulletin Board RC 4 Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112387501519835\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2580", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-07T22:30:01.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3758 (GCVE-0-2006-3758)
Vulnerability from cvelistv5
Published
2006-07-21 00:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "mybb-index-sql-injection(27445)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" }, { "name": "26809", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26809" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "mybb-index-sql-injection(27445)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" }, { "name": "26809", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26809" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3758", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://community.mybboard.net/showthread.php?tid=10115", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "name": "http://www.mybboard.com/archive.php?nid=15", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "mybb-index-sql-injection(27445)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445" }, { "name": "26809", "refsource": "OSVDB", "url": "http://www.osvdb.org/26809" }, { "name": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html" }, { "name": "20873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20873" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3758", "datePublished": "2006-07-21T00:00:00", "dateReserved": "2006-07-20T00:00:00", "dateUpdated": "2024-08-07T18:39:54.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2949 (GCVE-0-2006-2949)
Vulnerability from cvelistv5
Published
2006-06-12 20:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "18297", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18297" }, { "name": "20492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20492" }, { "name": "ADV-2006-2190", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2190" }, { "name": "mybb-private-xss(26994)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" }, { "name": "20060606 MyBB 1.1.2 New XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/436286/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "18297", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18297" }, { "name": "20492", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20492" }, { "name": "ADV-2006-2190", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2190" }, { "name": "mybb-private-xss(26994)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" }, { "name": "20060606 MyBB 1.1.2 New XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/436286/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "18297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18297" }, { "name": "20492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20492" }, { "name": "ADV-2006-2190", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2190" }, { "name": "mybb-private-xss(26994)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" }, { "name": "20060606 MyBB 1.1.2 New XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/436286/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2949", "datePublished": "2006-06-12T20:00:00", "dateReserved": "2006-06-12T00:00:00", "dateUpdated": "2024-08-07T18:06:27.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1716 (GCVE-0-2006-1716)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17413", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17413" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kapda.ir/advisory-305.html" }, { "name": "19516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19516" }, { "name": "mybb-email-img-bbcode-xss(25615)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "name": "24375", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24375" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html" }, { "name": "20060407 [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430344/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17413", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17413" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kapda.ir/advisory-305.html" }, { "name": "19516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19516" }, { "name": "mybb-email-img-bbcode-xss(25615)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "name": "24375", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24375" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html" }, { "name": "20060407 [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430344/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17413", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17413" }, { "name": "http://kapda.ir/advisory-305.html", "refsource": "MISC", "url": "http://kapda.ir/advisory-305.html" }, { "name": "19516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19516" }, { "name": "mybb-email-img-bbcode-xss(25615)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "name": "24375", "refsource": "OSVDB", "url": "http://www.osvdb.org/24375" }, { "name": "http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html" }, { "name": "20060407 [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430344/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1716", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-04-11T00:00:00", "dateUpdated": "2024-08-07T17:19:49.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1282 (GCVE-0-2006-1282)
Vulnerability from cvelistv5
Published
2006-03-19 11:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427747/100/0/threaded" }, { "name": "17097", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17097" }, { "name": "mybb-crlf-header-injection(25267)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kapda.ir/advisory-295.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427747/100/0/threaded" }, { "name": "17097", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17097" }, { "name": "mybb-crlf-header-injection(25267)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kapda.ir/advisory-295.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060314 [KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427747/100/0/threaded" }, { "name": "17097", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17097" }, { "name": "mybb-crlf-header-injection(25267)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25267" }, { "name": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html" }, { "name": "http://community.mybboard.net/showthread.php?tid=7368", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "http://kapda.ir/advisory-295.html", "refsource": "MISC", "url": "http://kapda.ir/advisory-295.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1282", "datePublished": "2006-03-19T11:00:00", "dateReserved": "2006-03-18T00:00:00", "dateUpdated": "2024-08-07T17:03:28.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2589 (GCVE-0-2006-2589)
Vulnerability from cvelistv5
Published
2006-05-25 10:00
Modified
2024-08-07 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:58:51.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-rss-sql-injection(28520)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" }, { "name": "952", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/952" }, { "name": "20060518 mybb v1.1.1(rss.php) SQL Injection Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/434728/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-rss-sql-injection(28520)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" }, { "name": "952", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/952" }, { "name": "20060518 mybb v1.1.1(rss.php) SQL Injection Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/434728/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-rss-sql-injection(28520)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" }, { "name": "952", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/952" }, { "name": "20060518 mybb v1.1.1(rss.php) SQL Injection Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/434728/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2589", "datePublished": "2006-05-25T10:00:00", "dateReserved": "2006-05-25T00:00:00", "dateUpdated": "2024-08-07T17:58:51.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0494 (GCVE-0-2006-0494)
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060130 MyBB 1.2 Local File Incusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/423465/100/0/threaded" }, { "name": "mybb-plugins-file-include(24461)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24461" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060130 MyBB 1.2 Local File Incusion", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/423465/100/0/threaded" }, { "name": "mybb-plugins-file-include(24461)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24461" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060130 MyBB 1.2 Local File Incusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423465/100/0/threaded" }, { "name": "mybb-plugins-file-include(24461)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24461" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0494", "datePublished": "2006-02-01T02:00:00", "dateReserved": "2006-01-31T00:00:00", "dateUpdated": "2024-08-07T16:34:14.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1345 (GCVE-0-2006-1345)
Vulnerability from cvelistv5
Published
2006-03-22 01:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:12:20.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060317 MyBB 1.10 Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/428056/100/0/threaded" }, { "name": "mybb-polls-path-disclosure(25337)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25337" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an \"option[]=null\" parameter value, which reveals the path in an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060317 MyBB 1.10 Full Path Disclosure", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/428056/100/0/threaded" }, { "name": "mybb-polls-path-disclosure(25337)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25337" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an \"option[]=null\" parameter value, which reveals the path in an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060317 MyBB 1.10 Full Path Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/428056/100/0/threaded" }, { "name": "mybb-polls-path-disclosure(25337)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25337" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1345", "datePublished": "2006-03-22T01:00:00", "dateReserved": "2006-03-21T00:00:00", "dateUpdated": "2024-08-07T17:12:20.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4449 (GCVE-0-2006-4449)
Vulnerability from cvelistv5
Published
2006-08-30 01:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:46.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060825 MyBB Html Injection ( XSS )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded" }, { "name": "1469", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1469" }, { "name": "21645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21645" }, { "name": "19718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19718" }, { "name": "mybb-attachment-xss(28587)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060825 MyBB Html Injection ( XSS )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded" }, { "name": "1469", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1469" }, { "name": "21645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21645" }, { "name": "19718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19718" }, { "name": "mybb-attachment-xss(28587)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060825 MyBB Html Injection ( XSS )", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded" }, { "name": "1469", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1469" }, { "name": "21645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21645" }, { "name": "19718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19718" }, { "name": "mybb-attachment-xss(28587)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" }, { "name": "http://www.mybboard.com/archive.php?nid=18", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4449", "datePublished": "2006-08-30T01:00:00", "dateReserved": "2006-08-29T00:00:00", "dateUpdated": "2024-08-07T19:14:46.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-2211 (GCVE-0-2007-2211)
Vulnerability from cvelistv5
Published
2007-04-24 20:00
Modified
2024-08-07 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:23:51.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23612", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23612" }, { "name": "ADV-2007-1510", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1510" }, { "name": "24967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24967" }, { "name": "3780", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/3780" }, { "name": "mybb-calendar-sql-injection(33814)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23612", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23612" }, { "name": "ADV-2007-1510", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1510" }, { "name": "24967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24967" }, { "name": "3780", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/3780" }, { "name": "mybb-calendar-sql-injection(33814)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23612", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23612" }, { "name": "ADV-2007-1510", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1510" }, { "name": "24967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24967" }, { "name": "3780", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3780" }, { "name": "mybb-calendar-sql-injection(33814)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2211", "datePublished": "2007-04-24T20:00:00", "dateReserved": "2007-04-24T00:00:00", "dateUpdated": "2024-08-07T13:23:51.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1832 (GCVE-0-2005-1832)
Vulnerability from cvelistv5
Published
2005-06-02 04:00
Modified
2024-08-07 22:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "name": "15552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15552" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "name": "15552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15552" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1832", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "name": "15552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15552" }, { "name": "http://www.mybboard.com/community/showthread.php?tid=2559", "refsource": "CONFIRM", "url": "http://www.mybboard.com/community/showthread.php?tid=2559" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1832", "datePublished": "2005-06-02T04:00:00", "dateReserved": "2005-06-02T00:00:00", "dateUpdated": "2024-08-07T22:06:57.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3761 (GCVE-0-2006-3761)
Vulnerability from cvelistv5
Published
2006-07-21 00:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "java&#115;cript".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26808", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26808" }, { "name": "mybb-url-tag-xss(27444)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" }, { "name": "20060628 [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438588/100/200/threaded" }, { "name": "18702", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18702" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" }, { "name": "1257", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1257" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the 
url BBCode tag, as demonstrated using \"java\u0026#115;cript\"." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26808", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26808" }, { "name": "mybb-url-tag-xss(27444)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" }, { "name": "20060628 [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438588/100/200/threaded" }, { "name": "18702", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18702" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" }, { "name": "1257", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1257" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in 
inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using \"java\u0026#115;cript\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26808", "refsource": "OSVDB", "url": "http://www.osvdb.org/26808" }, { "name": "mybb-url-tag-xss(27444)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" }, { "name": "20060628 [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438588/100/200/threaded" }, { "name": "18702", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18702" }, { "name": "http://community.mybboard.net/showthread.php?tid=10115", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "name": "http://www.mybboard.com/archive.php?nid=15", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" }, { "name": "1257", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1257" }, { "name": "20873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20873" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3761", "datePublished": "2006-07-21T00:00:00", "dateReserved": "2006-07-20T00:00:00", "dateUpdated": "2024-08-07T18:39:54.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2697 (GCVE-0-2005-2697)
Vulnerability from cvelistv5
Published
2005-08-25 04:00
Modified
2024-08-07 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:02.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050819 Vul in MyBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112448791006470\u0026w=2" }, { "name": "14615", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14615" }, { "name": "13722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13722/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050819 Vul in MyBB", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112448791006470\u0026w=2" }, { "name": "14615", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14615" }, { "name": "13722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13722/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2697", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050819 Vul in MyBB", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112448791006470\u0026w=2" }, { "name": "14615", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14615" }, { "name": "13722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13722/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2697", "datePublished": "2005-08-25T04:00:00", "dateReserved": "2005-08-25T00:00:00", "dateUpdated": "2024-08-07T22:45:02.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3777 (GCVE-0-2005-3777)
Vulnerability from cvelistv5
Published
2005-11-23 01:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17577/" }, { "name": "20051114 Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "name": "175", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/175" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17577/" }, { "name": "20051114 Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "name": "175", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/175" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17577/" }, { "name": "20051114 Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" }, { "name": "175", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/175" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3777", "datePublished": "2005-11-23T01:00:00", "dateReserved": "2005-11-23T00:00:00", "dateUpdated": "2024-08-07T23:24:36.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4706 (GCVE-0-2006-4706)
Vulnerability from cvelistv5
Published
2006-09-12 16:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21697", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21697" }, { "name": "1541", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1541" }, { "name": "ADV-2006-3418", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21697", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21697" }, { "name": "1541", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1541" }, { "name": "ADV-2006-3418", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21697", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21697" }, { "name": "1541", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1541" }, { "name": "ADV-2006-3418", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded" }, { "name": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html" }, { "name": "http://www.mybboard.com/archive.php?nid=18", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4706", "datePublished": "2006-09-12T16:00:00", "dateReserved": "2006-09-12T00:00:00", "dateUpdated": "2024-08-07T19:23:41.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3778 (GCVE-0-2005-3778)
Vulnerability from cvelistv5
Published
2005-11-23 01:00
Modified
2024-09-16 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17577/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-23T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17577/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17577/" }, { "name": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=4507\u0026pid=27223#pid27223" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3778", "datePublished": "2005-11-23T01:00:00Z", "dateReserved": "2005-11-23T00:00:00Z", "dateUpdated": "2024-09-16T17:48:51.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1281 (GCVE-0-2006-1281)
Vulnerability from cvelistv5
Published
2006-03-19 11:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23935", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/23935" }, { "name": "17097", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17097" }, { "name": "17492", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17492" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" }, { "name": "19213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19213" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "mybb-member-url-xss(25266)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" }, { "name": "ADV-2006-0971", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0971" }, { "name": "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://kapda.ir/advisory-296.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via 
the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23935", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/23935" }, { "name": "17097", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17097" }, { "name": "17492", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17492" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" }, { "name": "19213", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19213" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "mybb-member-url-xss(25266)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" }, { "name": "ADV-2006-0971", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0971" }, { "name": "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://kapda.ir/advisory-296.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23935", "refsource": "OSVDB", "url": "http://www.osvdb.org/23935" }, { "name": "17097", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17097" }, { "name": "17492", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17492" }, { "name": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html" }, { "name": "19213", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19213" }, { "name": "http://community.mybboard.net/showthread.php?tid=7368", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=7368" }, { "name": "mybb-member-url-xss(25266)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266" }, { "name": "ADV-2006-0971", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0971" }, { "name": "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded" }, { "name": "http://kapda.ir/advisory-296.html", "refsource": "MISC", "url": "http://kapda.ir/advisory-296.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1281", "datePublished": "2006-03-19T11:00:00", "dateReserved": "2006-03-18T00:00:00", "dateUpdated": "2024-08-07T17:03:28.983Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1911 (GCVE-0-2006-1911)
Vulnerability from cvelistv5
Published
2006-04-20 18:00
Modified
2024-08-07 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:27:29.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-html-attachment-xss(25864)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25864" }, { "name": "19668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19668" }, { "name": "ADV-2006-1381", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=8232" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-html-attachment-xss(25864)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25864" }, { "name": "19668", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19668" }, { "name": "ADV-2006-1381", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=8232" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-html-attachment-xss(25864)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25864" }, { "name": "19668", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19668" }, { "name": "ADV-2006-1381", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1381" }, { "name": "http://community.mybboard.net/showthread.php?tid=8232", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=8232" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1911", "datePublished": "2006-04-20T18:00:00", "dateReserved": "2006-04-20T00:00:00", "dateUpdated": "2024-08-07T17:27:29.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1625 (GCVE-0-2006-1625)
Vulnerability from cvelistv5
Published
2006-04-05 10:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17368" }, { "name": "19516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19516" }, { "name": "mybb-email-img-bbcode-xss(25615)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "name": "24375", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24375" }, { "name": "ADV-2006-1216", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1216" }, { "name": "20060402 MyBB 1.10 New CrossSiteScripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/429748/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17368" }, { "name": "19516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19516" }, { "name": "mybb-email-img-bbcode-xss(25615)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "name": "24375", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24375" }, { "name": "ADV-2006-1216", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1216" }, { "name": "20060402 MyBB 1.10 New CrossSiteScripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/429748/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17368" }, { "name": "19516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19516" }, { "name": "mybb-email-img-bbcode-xss(25615)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25615" }, { "name": "24375", "refsource": "OSVDB", "url": "http://www.osvdb.org/24375" }, { "name": "ADV-2006-1216", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1216" }, { "name": "20060402 MyBB 1.10 New CrossSiteScripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/429748/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1625", "datePublished": "2006-04-05T10:00:00", "dateReserved": "2006-04-05T00:00:00", "dateUpdated": "2024-08-07T17:19:49.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3243 (GCVE-0-2006-3243)
Vulnerability from cvelistv5
Published
2006-06-27 10:00
Modified
2024-08-07 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:20.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" }, { "name": "20060622 [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438209" }, { "name": "mybb-showcodebuttons-sql-injection(27410)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=9955" }, { "name": "1147", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1147" }, { "name": "ADV-2006-2511", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2511" }, { "name": "20795", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20795" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" }, { "name": "20060622 [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438209" }, { "name": "mybb-showcodebuttons-sql-injection(27410)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=9955" }, { "name": "1147", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1147" }, { "name": "ADV-2006-2511", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2511" }, { "name": "20795", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20795" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" }, { "name": "20060622 [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438209" }, { "name": "mybb-showcodebuttons-sql-injection(27410)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" }, { "name": "http://community.mybboard.net/showthread.php?tid=9955", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=9955" }, { "name": "1147", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1147" }, { "name": "ADV-2006-2511", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2511" }, { "name": "20795", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20795" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3243", "datePublished": "2006-06-27T10:00:00", "dateReserved": "2006-06-26T00:00:00", "dateUpdated": "2024-08-07T18:23:20.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3953 (GCVE-0-2006-3953)
Vulnerability from cvelistv5
Published
2006-08-01 21:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "name": "19193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19193" }, { "name": "1319", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1319" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "name": "19193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19193" }, { "name": "1319", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1319" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "name": "19193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19193" }, { "name": "1319", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1319" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3953", "datePublished": "2006-08-01T21:00:00", "dateReserved": "2006-08-01T00:00:00", "dateUpdated": "2024-08-07T18:48:39.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0495 (GCVE-0-2006-0495)
Vulnerability from cvelistv5
Published
2006-02-01 02:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-usercp2-xss(24392)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" }, { "name": "16419", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16419" }, { "name": "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-usercp2-xss(24392)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" }, { "name": "16419", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16419" }, { "name": "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-usercp2-xss(24392)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392" }, { "name": "16419", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16419" }, { "name": "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0495", "datePublished": "2006-02-01T02:00:00", "dateReserved": "2006-01-31T00:00:00", "dateUpdated": "2024-08-07T16:34:14.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1974 (GCVE-0-2006-1974)
Vulnerability from cvelistv5
Published
2006-04-21 10:00
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:30.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16443/exploit" }, { "name": "16443", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16443" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-04-21T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/16443/exploit" }, { "name": "16443", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16443" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1974", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securityfocus.com/bid/16443/exploit", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/16443/exploit" }, { "name": "16443", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16443" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1974", "datePublished": "2006-04-21T10:00:00Z", "dateReserved": "2006-04-21T00:00:00Z", "dateUpdated": "2024-09-16T19:25:55.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3776 (GCVE-0-2005-3776)
Vulnerability from cvelistv5
Published
2005-11-23 01:00
Modified
2024-08-07 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:24:36.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "17577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17577/" }, { "name": "20051114 Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "17577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17577/" }, { "name": "20051114 Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "17577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17577/" }, { "name": "20051114 Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113198945111329\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3776", "datePublished": "2005-11-23T01:00:00", "dateReserved": "2005-11-23T00:00:00", "dateUpdated": "2024-08-07T23:24:36.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0639 (GCVE-0-2006-0639)
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-08-07 16:41
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-search-xss(24466)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "name": "20060208 Re: [myimei]MyBB 1.0.2 XSS attack in search.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424375/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" }, { "name": "20060207 [myimei]MyBB 1.0.2 XSS attack in search.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424334/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-search-xss(24466)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "name": "20060208 Re: [myimei]MyBB 1.0.2 XSS attack in search.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424375/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" }, { "name": "20060207 [myimei]MyBB 1.0.2 XSS attack in search.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424334/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0639", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-search-xss(24466)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466" }, { "name": "20060208 Re: [myimei]MyBB 1.0.2 XSS attack in search.php", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424375/100/0/threaded" }, { "name": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-01-14/mybb-102searchphpxss-attackandmore.html" }, { "name": "20060207 [myimei]MyBB 1.0.2 XSS attack in search.php", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424334/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0639", "datePublished": "2006-02-10T11:00:00", "dateReserved": "2006-02-10T00:00:00", "dateUpdated": "2024-08-07T16:41:29.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3759 (GCVE-0-2006-3759)
Vulnerability from cvelistv5
Published
2006-07-21 00:00
Modified
2024-08-07 18:39
CWE
- n/a
Summary
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4 has unspecified impact and attack vectors related to "user group manipulation."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-user-groups-unspecified(27446)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "26810", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26810" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to \"user group manipulation.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-user-groups-unspecified(27446)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "26810", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26810" }, { "name": "20873", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3759", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to \"user group manipulation.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-user-groups-unspecified(27446)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27446" }, { "name": "http://community.mybboard.net/showthread.php?tid=10115", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "name": "http://www.mybboard.com/archive.php?nid=15", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "26810", "refsource": "OSVDB", "url": "http://www.osvdb.org/26810" }, { "name": "20873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20873" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3759", "datePublished": "2006-07-21T00:00:00", "dateReserved": "2006-07-20T00:00:00", "dateUpdated": "2024-08-07T18:39:54.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-2230 (GCVE-0-2009-2230)
Vulnerability from cvelistv5
Published
2009-06-26 18:00
Modified
2024-08-07 05:44
CWE
- n/a
Summary
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35458", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35458" }, { "name": "9001", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9001" }, { "name": "35517", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35517" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mybboard.net/download/104" }, { "name": "ADV-2009-1653", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1653" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35458", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35458" }, { "name": "9001", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9001" }, { "name": "35517", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35517" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mybboard.net/download/104" }, { "name": "ADV-2009-1653", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1653" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35458", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35458" }, { "name": "9001", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9001" }, { "name": "35517", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35517" }, { "name": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/", "refsource": "CONFIRM", "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/" }, { "name": "http://mybboard.net/download/104", "refsource": "CONFIRM", "url": "http://mybboard.net/download/104" }, { "name": "ADV-2009-1653", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1653" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2230", "datePublished": "2009-06-26T18:00:00", "dateReserved": "2009-06-26T00:00:00", "dateUpdated": "2024-08-07T05:44:55.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1065 (GCVE-0-2006-1065)
Vulnerability from cvelistv5
Published
2006-03-07 22:00
Modified
2024-08-07 16:56
CWE
- n/a
Summary
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-search-sql-injection(25018)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" }, { "name": "19061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19061" }, { "name": "20060302 MyBB 1.0.4 New SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426631/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-search-sql-injection(25018)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" }, { "name": "19061", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19061" }, { "name": "20060302 MyBB 1.0.4 New SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426631/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1065", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-search-sql-injection(25018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25018" }, { "name": "19061", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19061" }, { "name": "20060302 MyBB 1.0.4 New SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426631/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1065", "datePublished": "2006-03-07T22:00:00", "dateReserved": "2006-03-07T00:00:00", "dateUpdated": "2024-08-07T16:56:15.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1833 (GCVE-0-2005-1833)
Vulnerability from cvelistv5
Published
2005-06-02 04:00
Modified
2024-08-07 22:06
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "name": "15552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15552" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" }, { "name": "17024", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/17024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "name": "15552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15552" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/community/showthread.php?tid=2559" }, { "name": "17024", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/17024" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1833", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111757191118050\u0026w=2" }, { "name": "15552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15552" }, { "name": "http://www.mybboard.com/community/showthread.php?tid=2559", "refsource": "CONFIRM", "url": "http://www.mybboard.com/community/showthread.php?tid=2559" }, { "name": "17024", "refsource": "OSVDB", "url": "http://www.osvdb.org/17024" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1833", "datePublished": "2005-06-02T04:00:00", "dateReserved": "2005-06-02T00:00:00", "dateUpdated": "2024-08-07T22:06:57.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4200 (GCVE-0-2005-4200)
Vulnerability from cvelistv5
Published
2005-12-13 11:00
Modified
2024-08-07 23:38
CWE
- n/a
Summary
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:38:51.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15793", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15793" }, { "name": "18000", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18000" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=5184\u0026pid=30964#pid30964" }, { "name": "ADV-2005-2842", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2842" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "15793", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15793" }, { "name": "18000", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18000" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=5184\u0026pid=30964#pid30964" }, { "name": "ADV-2005-2842", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2842" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15793", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15793" }, { "name": "18000", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18000" }, { "name": "http://community.mybboard.net/showthread.php?tid=5184\u0026pid=30964#pid30964", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=5184\u0026pid=30964#pid30964" }, { "name": "ADV-2005-2842", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2842" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4200", "datePublished": "2005-12-13T11:00:00", "dateReserved": "2005-12-13T00:00:00", "dateUpdated": "2024-08-07T23:38:51.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0787 (GCVE-0-2008-0787)
Vulnerability from cvelistv5
Published
2008-02-15 00:00
Modified
2024-08-07 08:01
CWE
- n/a
Summary
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:01:38.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.waraxe.us/advisory-64.html" }, { "name": "27378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27378" }, { "name": "28572", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28572/" }, { "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=27675" }, { "name": "1019257", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019257" }, { "name": "5070", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5070" }, { "name": "ADV-2008-0238", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0238" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-21T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.waraxe.us/advisory-64.html" }, { "name": "27378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27378" }, { "name": "28572", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28572/" }, { "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=27675" }, { "name": "1019257", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019257" }, { "name": "5070", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5070" }, { "name": "ADV-2008-0238", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0238" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.waraxe.us/advisory-64.html", "refsource": "MISC", "url": "http://www.waraxe.us/advisory-64.html" }, { "name": "27378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27378" }, { "name": "28572", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28572/" }, { "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded" }, { "name": "http://community.mybboard.net/showthread.php?tid=27675", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=27675" }, { "name": "1019257", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019257" }, { "name": "5070", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5070" }, { "name": "ADV-2008-0238", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0238" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0787", "datePublished": "2008-02-15T00:00:00", "dateReserved": "2008-02-14T00:00:00", "dateUpdated": "2024-08-07T08:01:38.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0406 (GCVE-0-2006-0406)
Vulnerability from cvelistv5
Published
2006-01-25 02:00
Modified
2024-08-07 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:34:14.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-search-information-disclosure(24272)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272" }, { "name": "18577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18577" }, { "name": "20060114 MyBB 1.0.2 Sniffing table perfix bug in search.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/422227/100/0/threaded" }, { "name": "22736", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22736" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-search-information-disclosure(24272)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272" }, { "name": "18577", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18577" }, { "name": "20060114 MyBB 1.0.2 Sniffing table perfix bug in search.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/422227/100/0/threaded" }, { "name": "22736", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22736" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0406", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-search-information-disclosure(24272)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24272" }, { "name": "18577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18577" }, { "name": "20060114 MyBB 1.0.2 Sniffing table perfix bug in search.php", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/422227/100/0/threaded" }, { "name": "22736", "refsource": "OSVDB", "url": "http://www.osvdb.org/22736" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0406", "datePublished": "2006-01-25T02:00:00", "dateReserved": "2006-01-25T00:00:00", "dateUpdated": "2024-08-07T16:34:14.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3954 (GCVE-0-2006-3954)
Vulnerability from cvelistv5
Published
2006-08-01 21:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:39.418Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "name": "1319", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1319" }, { "name": "19195", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19195" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "name": "1319", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1319" }, { "name": "19195", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19195" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded" }, { "name": "1319", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1319" }, { "name": "19195", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19195" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3954", "datePublished": "2006-08-01T21:00:00", "dateReserved": "2006-08-01T00:00:00", "dateUpdated": "2024-08-07T18:48:39.418Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1717 (GCVE-0-2006-1717)
Vulnerability from cvelistv5
Published
2006-04-11 23:00
Modified
2024-08-07 17:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19516" }, { "name": "17427", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17427" }, { "name": "20060409 MyBB 1.10 \u0027newthread.php\u0027 \u003c CrossSiteScripting \u003e", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/430464/100/0/threaded" }, { "name": "mybb-newthread-xss(25730)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25730" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19516" }, { "name": "17427", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17427" }, { "name": "20060409 MyBB 1.10 \u0027newthread.php\u0027 \u003c CrossSiteScripting \u003e", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/430464/100/0/threaded" }, { "name": "mybb-newthread-xss(25730)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25730" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19516" }, { "name": "17427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17427" }, { "name": "20060409 MyBB 1.10 \u0027newthread.php\u0027 \u003c CrossSiteScripting \u003e", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430464/100/0/threaded" }, { "name": "mybb-newthread-xss(25730)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25730" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1717", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-04-11T00:00:00", "dateUpdated": "2024-08-07T17:19:49.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3760 (GCVE-0-2006-3760)
Vulnerability from cvelistv5
Published
2006-07-21 00:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:54.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "name": "26811", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26811" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "mybb-unspecified-sql-injection(27483)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20873" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "name": "26811", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26811" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "mybb-unspecified-sql-injection(27483)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483" }, { "name": "20873", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20873" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://community.mybboard.net/showthread.php?tid=10115", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=10115" }, { "name": "26811", "refsource": "OSVDB", "url": "http://www.osvdb.org/26811" }, { "name": "http://www.mybboard.com/archive.php?nid=15", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=15" }, { "name": "mybb-unspecified-sql-injection(27483)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483" }, { "name": "20873", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20873" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3760", "datePublished": "2006-07-21T00:00:00", "dateReserved": "2006-07-20T00:00:00", "dateUpdated": "2024-08-07T18:39:54.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2103 (GCVE-0-2006-2103)
Vulnerability from cvelistv5
Published
2006-04-29 10:00
Modified
2024-08-07 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:35:31.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25074", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25074" }, { "name": "25075", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25075" }, { "name": "808", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/808" }, { "name": "19865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19865" }, { "name": "mybb-adminfunctions-templates-sql-injection(26103)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26103" }, { "name": "ADV-2006-1566", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1566" }, { "name": "20060427 MyBB 1.1.1 Local SQL Injections", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/432229/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25074", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25074" }, { "name": "25075", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25075" }, { "name": "808", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/808" }, { "name": "19865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19865" }, { "name": "mybb-adminfunctions-templates-sql-injection(26103)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26103" }, { "name": "ADV-2006-1566", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1566" }, { "name": "20060427 MyBB 1.1.1 Local SQL Injections", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/432229/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php."
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25074", "refsource": "OSVDB", "url": "http://www.osvdb.org/25074" }, { "name": "25075", "refsource": "OSVDB", "url": "http://www.osvdb.org/25075" }, { "name": "808", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/808" }, { "name": "19865", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19865" }, { "name": "mybb-adminfunctions-templates-sql-injection(26103)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26103" }, { "name": "ADV-2006-1566", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1566" }, { "name": "20060427 MyBB 1.1.1 Local SQL Injections", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432229/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2103", "datePublished": "2006-04-29T10:00:00", "dateReserved": "2006-04-29T00:00:00", "dateUpdated": "2024-08-07T17:35:31.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4972 (GCVE-0-2006-4972)
Vulnerability from cvelistv5
Published
2006-09-25 01:00
Modified
2024-08-07 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:32:22.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3666", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "name": "1628", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1628" }, { "name": "21972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21972" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3666", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "name": "1628", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1628" }, { "name": "21972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21972" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4972", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3666", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3666" }, { "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded" }, { "name": "1628", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1628" }, { "name": "21972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21972" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4972", "datePublished": "2006-09-25T01:00:00", "dateReserved": "2006-09-24T00:00:00", "dateUpdated": "2024-08-07T19:32:22.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4707 (GCVE-0-2006-4707)
Vulnerability from cvelistv5
Published
2006-09-12 16:00
Modified
2024-08-07 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:23:41.006Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1540", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1540" }, { "name": "21697", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21697" }, { "name": "ADV-2006-3418", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html" }, { "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mybboard.com/archive.php?nid=18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1540", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1540" }, { "name": "21697", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21697" }, { "name": "ADV-2006-3418", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html" }, { "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mybboard.com/archive.php?nid=18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1540", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1540" }, { "name": "21697", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21697" }, { "name": "ADV-2006-3418", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3418" }, { "name": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html" }, { "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded" }, { "name": "http://www.mybboard.com/archive.php?nid=18", "refsource": "CONFIRM", "url": "http://www.mybboard.com/archive.php?nid=18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4707", "datePublished": "2006-09-12T16:00:00", "dateReserved": "2006-09-12T00:00:00", "dateUpdated": "2024-08-07T19:23:41.006Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1811 (GCVE-0-2005-1811)
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-08-07 22:06
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:06:57.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1014081", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014081" }, { "name": "20050530 MyBB 1.0 RC4 XSS Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/lists/bugtraq/2005/May/0338.html" }, { "name": "15552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/15552" }, { "name": "13819", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13819" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-05-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-04T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1014081", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014081" }, { "name": "20050530 MyBB 1.0 RC4 XSS Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/lists/bugtraq/2005/May/0338.html" }, { "name": "15552", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/15552" }, { "name": "13819", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13819" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1811", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1014081", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014081" }, { "name": "20050530 MyBB 1.0 RC4 XSS Bug", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2005/May/0338.html" }, { "name": "15552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15552" }, { "name": "13819", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13819" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1811", "datePublished": "2005-06-01T04:00:00", "dateReserved": "2005-06-01T00:00:00", "dateUpdated": "2024-08-07T22:06:57.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0282 (GCVE-0-2005-0282)
Vulnerability from cvelistv5
Published
2005-02-10 05:00
Modified
2024-08-07 21:05
CWE
- n/a
Summary
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mybb-member-sql-injection(18755)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187" }, { "name": "20050104 MyBB SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110486566600980\u0026w=2" }, { "name": "12161", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12161" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mybb-member-sql-injection(18755)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187" }, { "name": "20050104 MyBB SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110486566600980\u0026w=2" }, { "name": "12161", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12161" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0282", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mybb-member-sql-injection(18755)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187" }, { "name": "20050104 MyBB SQL Injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110486566600980\u0026w=2" }, { "name": "12161", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12161" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0282", "datePublished": "2005-02-10T05:00:00", "dateReserved": "2005-02-10T00:00:00", "dateUpdated": "2024-08-07T21:05:25.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1964 (GCVE-0-2007-1964)
Vulnerability from cvelistv5
Published
2007-04-11 10:00
Modified
2024-08-07 13:13
CWE
- n/a
Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:13:42.011Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070330 Mybb Change Password Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded" }, { "name": "mybb-debugmode-information-disclosure(33345)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345" }, { "name": "2544", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2544" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-30T00:00:00", "descriptions": [ { "lang": "en", "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070330 Mybb Change Password Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded" }, { "name": "mybb-debugmode-information-disclosure(33345)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345" }, { "name": "2544", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2544" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1964", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070330 Mybb Change Password Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded" }, { "name": "mybb-debugmode-information-disclosure(33345)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345" }, { "name": "2544", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2544" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1964", "datePublished": "2007-04-11T10:00:00", "dateReserved": "2007-04-10T00:00:00", "dateUpdated": "2024-08-07T13:13:42.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-0638 (GCVE-0-2006-0638)
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-08-07 16:41
CWE
- n/a
Summary
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16538", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16538" }, { "name": "22957", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22957" }, { "name": "ADV-2006-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0475" }, { "name": "18754", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18754" }, { "name": "20060207 [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424335/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16538", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16538" }, { "name": "22957", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22957" }, { "name": "ADV-2006-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0475" }, { "name": "18754", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18754" }, { "name": "20060207 [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424335/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0638", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16538", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16538" }, { "name": "22957", "refsource": "OSVDB", "url": "http://www.osvdb.org/22957" }, { "name": "ADV-2006-0475", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0475" }, { "name": "18754", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18754" }, { "name": "20060207 [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424335/100/0/threaded" }, { "name": "http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-02-07/mybb103moderationphpsqlinject-while-merging-posts.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0638", "datePublished": "2006-02-10T11:00:00", "dateReserved": "2006-02-10T00:00:00", "dateUpdated": "2024-08-07T16:41:29.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2333 (GCVE-0-2006-2333)
Vulnerability from cvelistv5
Published
2006-05-12 00:00
Modified
2024-08-07 17:43
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:29.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "885", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/885" }, { "name": "mybb-usercp-member-sql-injection(26545)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26545" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html" }, { "name": "20060507 [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433231/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "885", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/885" }, { "name": "mybb-usercp-member-sql-injection(26545)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26545" }, { "tags": [ "x_refsource_MISC" ], "url": "http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html" }, { "name": "20060507 [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433231/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "885", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/885" }, { "name": "mybb-usercp-member-sql-injection(26545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26545" }, { "name": "http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html", "refsource": "MISC", "url": "http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html" }, { "name": "20060507 [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433231/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2333", "datePublished": "2006-05-12T00:00:00", "dateReserved": "2006-05-11T00:00:00", "dateUpdated": "2024-08-07T17:43:29.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2336 (GCVE-0-2006-2336)
Vulnerability from cvelistv5
Published
2006-05-12 00:00
Modified
2024-08-07 17:43
CWE
- n/a
Summary
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:29.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "884", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/884" }, { "name": "20060509 mybb v1.1.1(showthread.php) SQL Injection Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/433564/100/0/threaded" }, { "name": "mybb-showthread-sql-injection(26376)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26376" }, { "name": "17904", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17904" }, { "name": "25674", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/25674" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "884", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/884" }, { "name": "20060509 mybb v1.1.1(showthread.php) SQL Injection Exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/433564/100/0/threaded" }, { "name": "mybb-showthread-sql-injection(26376)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26376" }, { "name": "17904", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17904" }, { "name": "25674", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/25674" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "884", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/884" }, { "name": "20060509 mybb v1.1.1(showthread.php) SQL Injection Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433564/100/0/threaded" }, { "name": "mybb-showthread-sql-injection(26376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26376" }, { "name": "17904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17904" }, { "name": "25674", "refsource": "OSVDB", "url": "http://www.osvdb.org/25674" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2336", "datePublished": "2006-05-12T00:00:00", "dateReserved": "2006-05-11T00:00:00", "dateUpdated": "2024-08-07T17:43:29.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2888 (GCVE-0-2005-2888)
Vulnerability from cvelistv5
Published
2005-09-14 04:00
Modified
2024-08-07 22:53
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:29.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050907 SQL Injection[2] In MyBB PR2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112611068702781\u0026w=2" }, { "name": "mybb-misc-newreply-sql-injection(22192)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192" }, { "name": "16738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16738/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050907 SQL Injection[2] In MyBB PR2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112611068702781\u0026w=2" }, { "name": "mybb-misc-newreply-sql-injection(22192)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192" }, { "name": "16738", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16738/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050907 SQL Injection[2] In MyBB PR2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112611068702781\u0026w=2" }, { "name": "mybb-misc-newreply-sql-injection(22192)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192" }, { "name": "16738", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16738/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2888", "datePublished": "2005-09-14T04:00:00", "dateReserved": "2005-09-14T00:00:00", "dateUpdated": "2024-08-07T22:53:29.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }