This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Mybulletinboard | First view: 2005-05-02
Product: Mybulletinboard | Last view: 2009-06-26
Version: 1.0_rc4 | Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:mybulletinboard:mybulletinboard

Related : CVE

Score Date Alert Description
7.5 2009-06-26 CVE-2009-2230

SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.

7.5 2007-04-24 CVE-2007-2211

SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.

7.5 2007-04-11 CVE-2007-1963

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.

5 2006-08-01 CVE-2006-3954

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

4.3 2006-08-01 CVE-2006-3953

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

4.3 2006-07-21 CVE-2006-3761

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".

7.5 2006-06-27 CVE-2006-3243

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.

7.5 2006-04-21 CVE-2006-1974

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

2.6 2006-02-18 CVE-2006-0770

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

7.5 2006-02-02 CVE-2006-0523

SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.

4.3 2006-01-31 CVE-2006-0470

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

4.3 2006-01-22 CVE-2006-0364

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript".

4.3 2005-12-31 CVE-2005-4603

Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.

10 2005-12-13 CVE-2005-4200

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.

4.3 2005-06-01 CVE-2005-1811

Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile.

7.5 2005-05-31 CVE-2005-1833

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.

4.3 2005-05-31 CVE-2005-1832

Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php.

7.5 2005-05-02 CVE-2005-0282

SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
55283 MyBB inc/datahandlers/user.php birthdayprivacy Parameter SQL Injection
34659 MyBulletinBoard (MyBB) calendar.php Multiple Parameter SQL Injection
34657 MyBulletinBoard (MyBB) class_session.php create_session Function Client-IP HT...
28313 MyBulletinBoard (MyBB) usercp.php gallery Parameter Traversal Arbitrary File ...
28312 MyBulletinBoard (MyBB) usercp.php gallery Parameter XSS
26808 MyBulletinBoard (MyBB) url BBCode Tag XSS
26806 MyBulletinBoard (MyBB) usercp.php showcodebuttons Parameter SQL Injection
25672 MyBulletinBoard (MyBB) index.php referrer Parameter SQL Injection
23264 MyBulletinBoard (MyBB) calendar.php Advanced Details Link XSS
22903 MyBulletinBoard (MyBB) global.php templatelist Parameter SQL Injection
22889 MyBulletinBoard (MyBB) Multiple Unspecified Issues
22750 MyBulletinBoard (MyBB) search.php Multiple Parameter XSS
22628 MyBulletinBoard (MyBB) Allow HTML in Signatures Script Insertion
22158 MyBulletinBoard (MyBB) ratethread.php rating Variable POST Method SQL Injection
22157 MyBulletinBoard (MyBB) member.php rating Variable POST Method SQL Injection
21601 MyBulletinBoard (MyBB) printthread.php Message XSS
21600 MyBulletinBoard (MyBB) calendar.php Multiple Variable POST Method SQL Injection
17023 MyBulletinBoard (MyBB) printthread.php tid Parameter SQL Injection
17022 MyBulletinBoard (MyBB) usercp2.php tid Parameter SQL Injection
17021 MyBulletinBoard (MyBB) showthread.php Multiple Parameter SQL Injection
17020 MyBulletinBoard (MyBB) search.php sid Parameter SQL Injection
17019 MyBulletinBoard (MyBB) newreply.php tid Parameter SQL Injection
17018 MyBulletinBoard (MyBB) forumdisplay.php fid Parameter SQL Injection
17017 MyBulletinBoard (MyBB) editpost.php pid Parameter SQL Injection
17016 MyBulletinBoard (MyBB) memberlist.php usersearch Parameter SQL Injection

Nessus® Vulnerability Scanner

Date Description
2006-02-02 Name: The remote web server hosts a PHP application that is affected by a SQL injec...
File: mybb_referrer_sql_injection.nasl - Type: ACT_ATTACK
2005-12-24 Name: The remote web server hosts a PHP application that is affected by a SQL injec...
File: mybb_10.nasl - Type: ACT_ATTACK
2005-09-17 Name: The remote web server hosts a PHP application that is affected by a SQL injec...
File: mybb_rating_sql_injection.nasl - Type: ACT_ATTACK
2005-01-12 Name: The remote web server contains a PHP application that is affected by a SQL in...
File: mybb_sql_injection.nasl - Type: ACT_ATTACK