Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mybulletinboard mybulletinboard vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2016-9416
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) prior to 1.8.8 and MyBB Merge System prior to 1.8.8 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mybb Merge System
Mybb Mybb
4.3
CVSSv2
CVE-2013-7275
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) prior to 1.6.12 allows remote malicious users to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.
Mybb Mybb 1.6.8
Mybb Mybb 1.4.9
Mybb Mybb 1.4.8
Mybb Mybb 1.4.7
Mybb Mybb 1.4.6
Mybb Mybb 1.3
Mybb Mybb 1.2.9
Mybb Mybb 1.2.8
Mybb Mybb 1.2.7
Mybb Mybb 1.2
Mybb Mybb 1.1.8
Mybb Mybb 1.1.7
Mybb Mybb 1.1.6
Mybb Mybb 1.0
Mybb Mybb 1.6.6
Mybb Mybb 1.6.5
Mybb Mybb 1.6.4
Mybb Mybb 1.6.3
Mybb Mybb 1.6.2
Mybb Mybb 1.4.16
Mybb Mybb 1.4.15
Mybb Mybb 1.4.14
5
CVSSv2
CVE-2016-9418
MyBB (aka MyBulletinBoard) prior to 1.8.8 on Windows and MyBB Merge System prior to 1.8.8 on Windows might allow remote malicious users to obtain sensitive information from ACP backups via vectors involving a short name.
Mybb Mybb
Mybb Merge System
6.8
CVSSv2
CVE-2015-2334
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) prior to 1.8.4 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Mybb Mybb
7.5
CVSSv2
CVE-2015-2352
The cache handler in MyBB (aka MyBulletinBoard) prior to 1.8.4 does not properly check the encoding of input to the var_export function, which allows malicious users to have an unspecified impact via unknown vectors.
Mybb Mybb
7.5
CVSSv2
CVE-2012-2325
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) prior to 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.
Mybb Mybb 1.4.10
Mybb Mybb 1.4.9
Mybb Mybb 1.4.8
Mybb Mybb 1.4.7
Mybb Mybb 1.2.11
Mybb Mybb 1.2.10
Mybb Mybb
Mybb Mybb 1.6.4
Mybb Mybb 1.4.13
Mybb Mybb 1.4.11
Mybb Mybb 1.4.6
Mybb Mybb 1.4.4
Mybb Mybb 1.3
Mybb Mybb 1.2.13
Mybb Mybb 1.2.6
Mybb Mybb 1.2.4
Mybb Mybb 1.1.8
Mybb Mybb 1.1.6
Mybb Mybb 1.04
Mybb Mybb 1.02
Mybb Mybb 1.0
Mybb Mybb 1.2.9
6
CVSSv2
CVE-2007-0544
Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
Mybb Mybb 1.2.3
7.5
CVSSv2
CVE-2012-5909
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote malicious users to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
Mybb Mybb 1.6.6
1 EDB exploit
4.3
CVSSv2
CVE-2016-9404
Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) prior to 1.8.7 and MyBB Merge System prior to 1.8.7 might allow remote malicious users to inject arbitrary web script or HTML via vectors related to login.
Mybb Mybb
Mybb Merge System
7.5
CVSSv2
CVE-2015-8973
xmlhttp.php in MyBB (aka MyBulletinBoard) prior to 1.6.18 and 1.8.x prior to 1.8.6 and MyBB Merge System prior to 1.8.6 allows remote malicious users to bypass intended access restrictions via vectors related to the forum password.
Mybb Mybb 1.8.5
Mybb Mybb 1.8.4
Mybb Mybb 1.8.0
Mybb Mybb
Mybb Merge System
Mybb Mybb 1.8.2
Mybb Mybb 1.8.3
Mybb Mybb 1.8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »