Vulmon
mybulletinboard mybulletinboard vulnerabilities and exploits
7.5
CVSSv2
CVE-2006-2908
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote malicious users to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
Mybulletinboard Mybulletinboard 1.1.2
1 EDB exploit
7.5
CVSSv2
CVE-2006-3758
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote malicious users to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTT...
Mybulletinboard Mybulletinboard 1.1.4
7.5
CVSSv2
CVE-2006-3760
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mybulletinboard Mybulletinboard 1.1.4
5.1
CVSSv2
CVE-2006-4449
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote malicious users to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer...
Mybulletinboard Mybulletinboard 1.1.7
1 EDB exploit
4.3
CVSSv2
CVE-2006-0494
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter.
Mybulletinboard Mybulletinboard 1.0.2
2.1
CVSSv2
CVE-2006-2103
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid,...
Mybulletinboard Mybulletinboard 1.1.1
5
CVSSv2
CVE-2006-1345
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote malicious users to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.
Mybulletinboard Mybulletinboard 1.10
4.3
CVSSv2
CVE-2005-3776
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote malicious users to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
Mybulletinboard Mybulletinboard Preview Release 2 Rev 686
5
CVSSv2
CVE-2005-3777
MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote malicious users to delete or move private messages (PM) via modified fields in the inbox form.
Mybulletinboard Mybulletinboard Preview Release 2 Rev 686
6.4
CVSSv2
CVE-2006-2589
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote malicious users to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a varia...
Mybulletinboard Mybulletinboard 1.1.1