
6 vulnerabilities by mybboard

CVE-2010-5096 (GCVE-0-2010-5096)

Vulnerability from cvelistv5 – Published: 2012-08-13 23:00 – Updated: 2024-09-17 04:10 Disputed
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2010-5096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T15:52:23.724097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:44:49.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "ADP Container"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:09:39.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "70014",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/70014"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dev.mybb.com/issues/1330"
          },
          {
            "name": "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/08/7"
          },
          {
            "name": "70013",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/70013"
          },
          {
            "name": "45565",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45565"
          },
          {
            "name": "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 \u003c= SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/25/1"
          },
          {
            "name": "[oss-security] 20120508 CVE-request: MyBB before 1.6.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/08/3"
          },
          {
            "name": "[oss-security] 20120323 CVE-request: MyBB 1.6 \u003c= SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/03/23/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php.  NOTE: the vendor disputes this issue, saying \"Although this doesn\u0027t lead to an SQL injection, it does provide a general MyBB SQL error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-13T23:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "70014",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/70014"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dev.mybb.com/issues/1330"
        },
        {
          "name": "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/08/7"
        },
        {
          "name": "70013",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/70013"
        },
        {
          "name": "45565",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45565"
        },
        {
          "name": "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 \u003c= SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/25/1"
        },
        {
          "name": "[oss-security] 20120508 CVE-request: MyBB before 1.6.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/08/3"
        },
        {
          "name": "[oss-security] 20120323 CVE-request: MyBB 1.6 \u003c= SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/03/23/4"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-5096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED **  Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php.  NOTE: the vendor disputes this issue, saying \"Although this doesn\u0027t lead to an SQL injection, it does provide a general MyBB SQL error.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "70014",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/70014"
            },
            {
              "name": "http://dev.mybb.com/issues/1330",
              "refsource": "MISC",
              "url": "http://dev.mybb.com/issues/1330"
            },
            {
              "name": "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/08/7"
            },
            {
              "name": "70013",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/70013"
            },
            {
              "name": "45565",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/45565"
            },
            {
              "name": "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 \u003c= SQL Injection",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/25/1"
            },
            {
              "name": "[oss-security] 20120508 CVE-request: MyBB before 1.6.1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/08/3"
            },
            {
              "name": "[oss-security] 20120323 CVE-request: MyBB 1.6 \u003c= SQL Injection",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/03/23/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-5096",
    "datePublished": "2012-08-13T23:00:00.000Z",
    "dateReserved": "2012-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:10:28.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4813 (GCVE-0-2009-4813)

Vulnerability from cvelistv5 – Published: 2010-04-27 15:00 – Updated: 2024-08-07 07:17
Summary
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/37910 (third-party-advisory, x_refsource_SECUNIA)
http://www.exploit-db.com/exploits/10622 (exploit, x_refsource_EXPLOIT-DB)
http://www.securityfocus.com/bid/37464 (vdb-entry, x_refsource_BID)
http://osvdb.org/61298 (vdb-entry, x_refsource_OSVDB)
Date Public ?
2009-12-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:25.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37910",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37910"
          },
          {
            "name": "10622",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/10622"
          },
          {
            "name": "37464",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37464"
          },
          {
            "name": "61298",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61298"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-17T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37910",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37910"
        },
        {
          "name": "10622",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/10622"
        },
        {
          "name": "37464",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37464"
        },
        {
          "name": "61298",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61298"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4813",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37910",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37910"
            },
            {
              "name": "10622",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/10622"
            },
            {
              "name": "37464",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37464"
            },
            {
              "name": "61298",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61298"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4813",
    "datePublished": "2010-04-27T15:00:00.000Z",
    "dateReserved": "2010-04-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:17:25.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4449 (GCVE-0-2009-4449)

Vulnerability from cvelistv5 – Published: 2009-12-29 20:15 – Updated: 2024-08-07 07:01
Summary
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2009-12-28 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37489",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37489"
          },
          {
            "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php"
          },
          {
            "name": "37906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37906"
          },
          {
            "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/10/11/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mybboard.net/issues/617"
          },
          {
            "name": "ADV-2009-3651",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3651"
          },
          {
            "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/12/06/2"
          },
          {
            "name": "61359",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-04T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37489",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37489"
        },
        {
          "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php"
        },
        {
          "name": "37906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37906"
        },
        {
          "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/10/11/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mybboard.net/issues/617"
        },
        {
          "name": "ADV-2009-3651",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3651"
        },
        {
          "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/12/06/2"
        },
        {
          "name": "61359",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37489",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37489"
            },
            {
              "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
            },
            {
              "name": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php",
              "refsource": "CONFIRM",
              "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/admin/modules/user/users.php"
            },
            {
              "name": "37906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37906"
            },
            {
              "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/10/11/8"
            },
            {
              "name": "http://dev.mybboard.net/issues/617",
              "refsource": "CONFIRM",
              "url": "http://dev.mybboard.net/issues/617"
            },
            {
              "name": "ADV-2009-3651",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3651"
            },
            {
              "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/12/06/2"
            },
            {
              "name": "61359",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61359"
            },
            {
              "name": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/",
              "refsource": "CONFIRM",
              "url": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/"
            },
            {
              "name": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php",
              "refsource": "CONFIRM",
              "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4663/diff/branches/1.4-stable/usercp.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4449",
    "datePublished": "2009-12-29T20:15:00.000Z",
    "dateReserved": "2009-12-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:01:20.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4448 (GCVE-0-2009-4448)

Vulnerability from cvelistv5 – Published: 2009-12-29 20:15 – Updated: 2024-08-07 07:01
Summary
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2009-12-28 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
          },
          {
            "name": "37906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37906"
          },
          {
            "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/10/11/8"
          },
          {
            "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/12/06/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mybboard.net/issues/600"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-01-04T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
        },
        {
          "name": "37906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37906"
        },
        {
          "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/10/11/8"
        },
        {
          "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/12/06/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mybboard.net/issues/600"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/10/08/7"
            },
            {
              "name": "37906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37906"
            },
            {
              "name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/10/11/8"
            },
            {
              "name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2010/12/06/2"
            },
            {
              "name": "http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php",
              "refsource": "CONFIRM",
              "url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4613/diff/branches/1.4-stable/inc/functions_time.php"
            },
            {
              "name": "http://dev.mybboard.net/issues/600",
              "refsource": "CONFIRM",
              "url": "http://dev.mybboard.net/issues/600"
            },
            {
              "name": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/",
              "refsource": "CONFIRM",
              "url": "http://blog.mybboard.net/2009/12/29/mybb-1-4-11-released-minor-patch-security-update/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4448",
    "datePublished": "2009-12-29T20:15:00.000Z",
    "dateReserved": "2009-12-29T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:01:20.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-7082 (GCVE-0-2008-7082)

Vulnerability from cvelistv5 – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56
Summary
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/498630/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/32467 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/32880 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46885 (vdb-entry, x_refsource_XF)
http://osvdb.org/50275 (vdb-entry, x_refsource_OSVDB)
Date Public ?
2008-11-25 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20081125 MyBB 1.4.3 my_post_key Disclosure Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498630/100/0/threaded"
          },
          {
            "name": "32467",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32467"
          },
          {
            "name": "32880",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32880"
          },
          {
            "name": "mybb-mypostkey-weak-security(46885)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46885"
          },
          {
            "name": "50275",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50275"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20081125 MyBB 1.4.3 my_post_key Disclosure Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498630/100/0/threaded"
        },
        {
          "name": "32467",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32467"
        },
        {
          "name": "32880",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32880"
        },
        {
          "name": "mybb-mypostkey-weak-security(46885)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46885"
        },
        {
          "name": "50275",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50275"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7082",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20081125 MyBB 1.4.3 my_post_key Disclosure Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/498630/100/0/threaded"
            },
            {
              "name": "32467",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32467"
            },
            {
              "name": "32880",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32880"
            },
            {
              "name": "mybb-mypostkey-weak-security(46885)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46885"
            },
            {
              "name": "50275",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50275"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7082",
    "datePublished": "2009-08-25T10:00:00.000Z",
    "dateReserved": "2009-08-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T11:56:14.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6198 (GCVE-0-2008-6198)

Vulnerability from cvelistv5 – Published: 2009-02-20 00:00 – Updated: 2024-08-07 11:20
Summary
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-04-06 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:20:25.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5379",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5379"
          },
          {
            "name": "custompages-pages-sql-injection(41685)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41685"
          },
          {
            "name": "28652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28652"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5379",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5379"
        },
        {
          "name": "custompages-pages-sql-injection(41685)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41685"
        },
        {
          "name": "28652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28652"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6198",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5379",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5379"
            },
            {
              "name": "custompages-pages-sql-injection(41685)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41685"
            },
            {
              "name": "28652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28652"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6198",
    "datePublished": "2009-02-20T00:00:00.000Z",
    "dateReserved": "2009-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T11:20:25.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}