mybulletinboard mybulletinboard preview release 2 vulnerabilities and exploits

(subscribe to this query)

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows malicious users to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/func...

Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.01 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote malicious users to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.

Mybulletinboard Mybulletinboard Preview Release 2 Rev 686

MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote malicious users to delete or move private messages (PM) via modified fields in the inbox form.

Mybulletinboard Mybulletinboard Preview Release 2 Rev 686

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) prior to 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.

Mybulletinboard Mybulletinboard 1.0 Rc4 Mybulletinboard Mybulletinboard 1.00 Rc4 Mybulletinboard Mybulletinboard Rc3 Mybulletinboard Mybulletinboard 1.00 Rc3 Mybulletinboard Mybulletinboard Preview Release 2 Mybulletinboard Mybulletinboard Rc2 Mybulletinboard Mybulletinboard Rc1 Mybulletinboard Mybulletinboard 1.00 Rc4 Security Patch Mybulletinboard Mybulletinboard 1.00 Rc1 Mybulletinboard Mybulletinboard Rc4 Mybulletinboard Mybulletinboard 1.0 Pr2 Mybulletinboard Mybulletinboard 1.00 Rc2 Mybulletinboard Mybulletinboard Preview Release 2 Rev 686

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote malicious users to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references with...

Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.0 Rc4 Mybulletinboard Mybulletinboard 1.0 Pr2 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Rc2 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote malicious users to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.0 Rc4 Mybulletinboard Mybulletinboard 1.0 Pr2 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Rc2 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

1 EDB exploit

SQL injection vulnerability in global.php in MyBB prior to 1.03 allows remote malicious users to execute arbitrary SQL commands via the templatelist variable.

Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.0 Rc4 Mybulletinboard Mybulletinboard 1.0 Pr2 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Rc2 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) prior to 1.04 allows remote malicious users to execute arbitrary SQL commands via the referrer parameter.

Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.0 Rc4 Mybulletinboard Mybulletinboard 1.0.3 Mybulletinboard Mybulletinboard 1.0 Pr2 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Rc2 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

1 EDB exploit

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote malicious users to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of t...

Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.0 Rc4 Mybulletinboard Mybulletinboard 1.0.3 Mybulletinboard Mybulletinboard 1.0 Pr2 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.4 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Rc2 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

MyBB (aka MyBulletinBoard) allows remote malicious users to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.

Mybulletinboard Mybulletinboard 1.10 Mybulletinboard Mybulletinboard 1.14 Mybulletinboard Mybulletinboard 1.0 Final Mybulletinboard Mybulletinboard 1.1.1 Mybulletinboard Mybulletinboard 1.1.3 Mybulletinboard Mybulletinboard 1.20 Mybulletinboard Mybulletinboard 1.0.3 Mybulletinboard Mybulletinboard 1.1.5 Mybulletinboard Mybulletinboard 1.1 Mybulletinboard Mybulletinboard 1.1.4 Mybulletinboard Mybulletinboard 1.0.1 Mybulletinboard Mybulletinboard 1.0.4 Mybulletinboard Mybulletinboard 1.1.2 Mybulletinboard Mybulletinboard 1.0.2 Mybulletinboard Mybulletinboard 1.0 Rc2 Mybulletinboard Mybulletinboard 1.1.7 Mybulletinboard Mybulletinboard 1.0 Preview Release 2

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook