Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    120 vulnerabilities by mybulletinboard

    CVE-2009-2230 (GCVE-0-2009-2230)

    Vulnerability from nvd – Published: 2009-06-26 18:00 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35458 vdb-entryx_refsource_BID
    http://www.exploit-db.com/exploits/9001 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/35517 third-party-advisoryx_refsource_SECUNIA
    http://blog.mybboard.net/2009/06/15/mybb-147-rele… x_refsource_CONFIRM
    http://mybboard.net/download/104 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1653 vdb-entryx_refsource_VUPEN
    Date Public
    2009-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35458",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35458"
              },
              {
                "name": "9001",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9001"
              },
              {
                "name": "35517",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35517"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://mybboard.net/download/104"
              },
              {
                "name": "ADV-2009-1653",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1653"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35458",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35458"
            },
            {
              "name": "9001",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9001"
            },
            {
              "name": "35517",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35517"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://mybboard.net/download/104"
            },
            {
              "name": "ADV-2009-1653",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1653"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35458",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35458"
                },
                {
                  "name": "9001",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9001"
                },
                {
                  "name": "35517",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35517"
                },
                {
                  "name": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/",
                  "refsource": "CONFIRM",
                  "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
                },
                {
                  "name": "http://mybboard.net/download/104",
                  "refsource": "CONFIRM",
                  "url": "http://mybboard.net/download/104"
                },
                {
                  "name": "ADV-2009-1653",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1653"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2230",
        "datePublished": "2009-06-26T18:00:00.000Z",
        "dateReserved": "2009-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0787 (GCVE-0-2008-0787)

    Vulnerability from nvd – Published: 2008-02-15 00:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.waraxe.us/advisory-64.html x_refsource_MISC
    http://www.securityfocus.com/bid/27378 vdb-entryx_refsource_BID
    http://secunia.com/advisories/28572/ third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/486763/100… mailing-listx_refsource_BUGTRAQ
    http://community.mybboard.net/showthread.php?tid=27675 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1019257 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/5070 exploitx_refsource_EXPLOIT-DB
    http://www.vupen.com/english/advisories/2008/0238 vdb-entryx_refsource_VUPEN
    Date Public
    2008-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:38.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-64.html"
              },
              {
                "name": "27378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27378"
              },
              {
                "name": "28572",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28572/"
              },
              {
                "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/showthread.php?tid=27675"
              },
              {
                "name": "1019257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019257"
              },
              {
                "name": "5070",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5070"
              },
              {
                "name": "ADV-2008-0238",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-64.html"
            },
            {
              "name": "27378",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27378"
            },
            {
              "name": "28572",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28572/"
            },
            {
              "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/showthread.php?tid=27675"
            },
            {
              "name": "1019257",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019257"
            },
            {
              "name": "5070",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5070"
            },
            {
              "name": "ADV-2008-0238",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-64.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-64.html"
                },
                {
                  "name": "27378",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27378"
                },
                {
                  "name": "28572",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28572/"
                },
                {
                  "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
                },
                {
                  "name": "http://community.mybboard.net/showthread.php?tid=27675",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/showthread.php?tid=27675"
                },
                {
                  "name": "1019257",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019257"
                },
                {
                  "name": "5070",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5070"
                },
                {
                  "name": "ADV-2008-0238",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0787",
        "datePublished": "2008-02-15T00:00:00.000Z",
        "dateReserved": "2008-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:38.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0382 (GCVE-0-2008-0382)

    Vulnerability from nvd – Published: 2008-01-22 19:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/4928 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/28509 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/486434/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/27322 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/4927 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/3559 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4928",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4928"
              },
              {
                "name": "28509",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28509"
              },
              {
                "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
              },
              {
                "name": "27322",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27322"
              },
              {
                "name": "4927",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4927"
              },
              {
                "name": "3559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3559"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4928",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4928"
            },
            {
              "name": "28509",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28509"
            },
            {
              "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
            },
            {
              "name": "27322",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27322"
            },
            {
              "name": "4927",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4927"
            },
            {
              "name": "3559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3559"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4928",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4928"
                },
                {
                  "name": "28509",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28509"
                },
                {
                  "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
                },
                {
                  "name": "27322",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27322"
                },
                {
                  "name": "4927",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4927"
                },
                {
                  "name": "3559",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3559"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0382",
        "datePublished": "2008-01-22T19:00:00.000Z",
        "dateReserved": "2008-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2211 (GCVE-0-2007-2211)

    Vulnerability from nvd – Published: 2007-04-24 20:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/23612 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1510 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/24967 third-party-advisoryx_refsource_SECUNIA
    https://www.exploit-db.com/exploits/3780 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.041Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23612"
              },
              {
                "name": "ADV-2007-1510",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1510"
              },
              {
                "name": "24967",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24967"
              },
              {
                "name": "3780",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3780"
              },
              {
                "name": "mybb-calendar-sql-injection(33814)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23612",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23612"
            },
            {
              "name": "ADV-2007-1510",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1510"
            },
            {
              "name": "24967",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24967"
            },
            {
              "name": "3780",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3780"
            },
            {
              "name": "mybb-calendar-sql-injection(33814)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2211",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23612",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23612"
                },
                {
                  "name": "ADV-2007-1510",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1510"
                },
                {
                  "name": "24967",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24967"
                },
                {
                  "name": "3780",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3780"
                },
                {
                  "name": "mybb-calendar-sql-injection(33814)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2211",
        "datePublished": "2007-04-24T20:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.041Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1964 (GCVE-0-2007-1964)

    Vulnerability from nvd – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/464267/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/2544 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:42.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070330 Mybb Change Password Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
              },
              {
                "name": "mybb-debugmode-information-disclosure(33345)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
              },
              {
                "name": "2544",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2544"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070330 Mybb Change Password Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
            },
            {
              "name": "mybb-debugmode-information-disclosure(33345)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
            },
            {
              "name": "2544",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2544"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1964",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070330 Mybb Change Password Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
                },
                {
                  "name": "mybb-debugmode-information-disclosure(33345)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
                },
                {
                  "name": "2544",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2544"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1964",
        "datePublished": "2007-04-11T10:00:00.000Z",
        "dateReserved": "2007-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:42.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1963 (GCVE-0-2007-1963)

    Vulnerability from nvd – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://community.mybboard.net/showthread.php?tid=18002 x_refsource_CONFIRM
    http://secunia.com/advisories/24689 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1244 vdb-entryx_refsource_VUPEN
    https://www.exploit-db.com/exploits/3653 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/34657 vdb-entryx_refsource_OSVDB
    http://community.mybboard.net/attachment.php?aid=5842 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/464563/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:42.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/showthread.php?tid=18002"
              },
              {
                "name": "24689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24689"
              },
              {
                "name": "ADV-2007-1244",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1244"
              },
              {
                "name": "3653",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3653"
              },
              {
                "name": "34657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34657"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/attachment.php?aid=5842"
              },
              {
                "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/showthread.php?tid=18002"
            },
            {
              "name": "24689",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24689"
            },
            {
              "name": "ADV-2007-1244",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1244"
            },
            {
              "name": "3653",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3653"
            },
            {
              "name": "34657",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34657"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/attachment.php?aid=5842"
            },
            {
              "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1963",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://community.mybboard.net/showthread.php?tid=18002",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/showthread.php?tid=18002"
                },
                {
                  "name": "24689",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24689"
                },
                {
                  "name": "ADV-2007-1244",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1244"
                },
                {
                  "name": "3653",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3653"
                },
                {
                  "name": "34657",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34657"
                },
                {
                  "name": "http://community.mybboard.net/attachment.php?aid=5842",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/attachment.php?aid=5842"
                },
                {
                  "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1963",
        "datePublished": "2007-04-11T10:00:00.000Z",
        "dateReserved": "2007-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:42.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4971 (GCVE-0-2006-4971)

    Vulnerability from nvd – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/3666 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/446093/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1628 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-3666",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3666"
              },
              {
                "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
              },
              {
                "name": "1628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1628"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-3666",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3666"
            },
            {
              "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
            },
            {
              "name": "1628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1628"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4971",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-3666",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3666"
                },
                {
                  "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
                },
                {
                  "name": "1628",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1628"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4971",
        "datePublished": "2006-09-25T01:00:00.000Z",
        "dateReserved": "2006-09-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4972 (GCVE-0-2006-4972)

    Vulnerability from nvd – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/3666 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/446093/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1628 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21972 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.919Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-3666",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3666"
              },
              {
                "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
              },
              {
                "name": "1628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1628"
              },
              {
                "name": "21972",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21972"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-3666",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3666"
            },
            {
              "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
            },
            {
              "name": "1628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1628"
            },
            {
              "name": "21972",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21972"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4972",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-3666",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3666"
                },
                {
                  "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
                },
                {
                  "name": "1628",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1628"
                },
                {
                  "name": "21972",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21972"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4972",
        "datePublished": "2006-09-25T01:00:00.000Z",
        "dateReserved": "2006-09-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.919Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4707 (GCVE-0-2006-4707)

    Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/1540 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21697 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/3418 vdb-entryx_refsource_VUPEN
    http://myimei.com/security/2006-08-17/mybb-117-ad… x_refsource_MISC
    http://www.securityfocus.com/archive/1/444782/100… mailing-listx_refsource_BUGTRAQ
    http://www.mybboard.com/archive.php?nid=18 x_refsource_CONFIRM
    Date Public
    2006-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1540",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1540"
              },
              {
                "name": "21697",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21697"
              },
              {
                "name": "ADV-2006-3418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3418"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
              },
              {
                "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1540",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1540"
            },
            {
              "name": "21697",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21697"
            },
            {
              "name": "ADV-2006-3418",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3418"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
            },
            {
              "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4707",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1540",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1540"
                },
                {
                  "name": "21697",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21697"
                },
                {
                  "name": "ADV-2006-3418",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3418"
                },
                {
                  "name": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html",
                  "refsource": "MISC",
                  "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
                },
                {
                  "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=18",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4707",
        "datePublished": "2006-09-12T16:00:00.000Z",
        "dateReserved": "2006-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4706 (GCVE-0-2006-4706)

    Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21697 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/1541 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2006/3418 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/444807/100… mailing-listx_refsource_BUGTRAQ
    http://myimei.com/security/2006-08-15/mybb-117-ht… x_refsource_MISC
    http://www.mybboard.com/archive.php?nid=18 x_refsource_CONFIRM
    Date Public
    2006-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21697",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21697"
              },
              {
                "name": "1541",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1541"
              },
              {
                "name": "ADV-2006-3418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3418"
              },
              {
                "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21697",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21697"
            },
            {
              "name": "1541",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1541"
            },
            {
              "name": "ADV-2006-3418",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3418"
            },
            {
              "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21697",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21697"
                },
                {
                  "name": "1541",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1541"
                },
                {
                  "name": "ADV-2006-3418",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3418"
                },
                {
                  "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
                },
                {
                  "name": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html",
                  "refsource": "MISC",
                  "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=18",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4706",
        "datePublished": "2006-09-12T16:00:00.000Z",
        "dateReserved": "2006-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4449 (GCVE-0-2006-4449)

    Vulnerability from nvd – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/444414/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1469 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21645 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/19718 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.mybboard.com/archive.php?nid=18 x_refsource_CONFIRM
    Date Public
    2006-08-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:14:46.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060825 MyBB Html Injection ( XSS )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
              },
              {
                "name": "1469",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1469"
              },
              {
                "name": "21645",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21645"
              },
              {
                "name": "19718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19718"
              },
              {
                "name": "mybb-attachment-xss(28587)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060825 MyBB Html Injection ( XSS )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
            },
            {
              "name": "1469",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1469"
            },
            {
              "name": "21645",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21645"
            },
            {
              "name": "19718",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19718"
            },
            {
              "name": "mybb-attachment-xss(28587)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060825 MyBB Html Injection ( XSS )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
                },
                {
                  "name": "1469",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1469"
                },
                {
                  "name": "21645",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21645"
                },
                {
                  "name": "19718",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19718"
                },
                {
                  "name": "mybb-attachment-xss(28587)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=18",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4449",
        "datePublished": "2006-08-30T01:00:00.000Z",
        "dateReserved": "2006-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:14:46.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3954 (GCVE-0-2006-3954)

    Vulnerability from nvd – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/441534/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1319 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/19195 vdb-entryx_refsource_BID
    Date Public
    2006-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
              },
              {
                "name": "1319",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1319"
              },
              {
                "name": "19195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19195"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
            },
            {
              "name": "1319",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1319"
            },
            {
              "name": "19195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19195"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
                },
                {
                  "name": "1319",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1319"
                },
                {
                  "name": "19195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19195"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3954",
        "datePublished": "2006-08-01T21:00:00.000Z",
        "dateReserved": "2006-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3953 (GCVE-0-2006-3953)

    Vulnerability from nvd – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/441534/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/19193 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/1319 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
              },
              {
                "name": "19193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19193"
              },
              {
                "name": "1319",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1319"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
            },
            {
              "name": "19193",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19193"
            },
            {
              "name": "1319",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1319"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
                },
                {
                  "name": "19193",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19193"
                },
                {
                  "name": "1319",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1319"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3953",
        "datePublished": "2006-08-01T21:00:00.000Z",
        "dateReserved": "2006-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3775 (GCVE-0-2006-3775)

    Vulnerability from nvd – Published: 2006-07-21 18:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21070 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/2811 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/1262 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/440163/100… mailing-listx_refsource_BUGTRAQ
    http://retrogod.altervista.org/mybb_115_sql.html x_refsource_MISC
    http://www.mybboard.com/archive.php?nid=16 x_refsource_CONFIRM
    Date Public
    2006-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21070",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21070"
              },
              {
                "name": "mybb-clientip-sql-injection(27752)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
              },
              {
                "name": "ADV-2006-2811",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2811"
              },
              {
                "name": "1262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1262"
              },
              {
                "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://retrogod.altervista.org/mybb_115_sql.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21070",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21070"
            },
            {
              "name": "mybb-clientip-sql-injection(27752)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
            },
            {
              "name": "ADV-2006-2811",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2811"
            },
            {
              "name": "1262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1262"
            },
            {
              "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://retrogod.altervista.org/mybb_115_sql.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21070",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21070"
                },
                {
                  "name": "mybb-clientip-sql-injection(27752)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
                },
                {
                  "name": "ADV-2006-2811",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2811"
                },
                {
                  "name": "1262",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1262"
                },
                {
                  "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
                },
                {
                  "name": "http://retrogod.altervista.org/mybb_115_sql.html",
                  "refsource": "MISC",
                  "url": "http://retrogod.altervista.org/mybb_115_sql.html"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=16",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3775",
        "datePublished": "2006-07-21T18:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3760 (GCVE-0-2006-3760)

    Vulnerability from nvd – Published: 2006-07-21 00:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://community.mybboard.net/showthread.php?tid=10115 x_refsource_CONFIRM
    http://www.osvdb.org/26811 vdb-entryx_refsource_OSVDB
    http://www.mybboard.com/archive.php?nid=15 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/20873 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/showthread.php?tid=10115"
              },
              {
                "name": "26811",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26811"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=15"
              },
              {
                "name": "mybb-unspecified-sql-injection(27483)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
              },
              {
                "name": "20873",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20873"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/showthread.php?tid=10115"
            },
            {
              "name": "26811",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26811"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=15"
            },
            {
              "name": "mybb-unspecified-sql-injection(27483)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
            },
            {
              "name": "20873",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20873"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://community.mybboard.net/showthread.php?tid=10115",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/showthread.php?tid=10115"
                },
                {
                  "name": "26811",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26811"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=15",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=15"
                },
                {
                  "name": "mybb-unspecified-sql-injection(27483)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
                },
                {
                  "name": "20873",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20873"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3760",
        "datePublished": "2006-07-21T00:00:00.000Z",
        "dateReserved": "2006-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3758 (GCVE-0-2006-3758)

    Vulnerability from nvd – Published: 2006-07-21 00:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-06-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.013Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/showthread.php?tid=10115"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=15"
              },
              {
                "name": "mybb-index-sql-injection(27445)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
              },
              {
                "name": "26809",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/26809"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
              },
              {
                "name": "20873",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20873"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/showthread.php?tid=10115"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=15"
            },
            {
              "name": "mybb-index-sql-injection(27445)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
            },
            {
              "name": "26809",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/26809"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
            },
            {
              "name": "20873",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20873"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://community.mybboard.net/showthread.php?tid=10115",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/showthread.php?tid=10115"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=15",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=15"
                },
                {
                  "name": "mybb-index-sql-injection(27445)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
                },
                {
                  "name": "26809",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/26809"
                },
                {
                  "name": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html",
                  "refsource": "MISC",
                  "url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
                },
                {
                  "name": "20873",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20873"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3758",
        "datePublished": "2006-07-21T00:00:00.000Z",
        "dateReserved": "2006-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2230 (GCVE-0-2009-2230)

    Vulnerability from cvelistv5 – Published: 2009-06-26 18:00 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35458 vdb-entryx_refsource_BID
    http://www.exploit-db.com/exploits/9001 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/35517 third-party-advisoryx_refsource_SECUNIA
    http://blog.mybboard.net/2009/06/15/mybb-147-rele… x_refsource_CONFIRM
    http://mybboard.net/download/104 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1653 vdb-entryx_refsource_VUPEN
    Date Public
    2009-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35458",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35458"
              },
              {
                "name": "9001",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9001"
              },
              {
                "name": "35517",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35517"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://mybboard.net/download/104"
              },
              {
                "name": "ADV-2009-1653",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1653"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35458",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35458"
            },
            {
              "name": "9001",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9001"
            },
            {
              "name": "35517",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35517"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://mybboard.net/download/104"
            },
            {
              "name": "ADV-2009-1653",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1653"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2230",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35458",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35458"
                },
                {
                  "name": "9001",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9001"
                },
                {
                  "name": "35517",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35517"
                },
                {
                  "name": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/",
                  "refsource": "CONFIRM",
                  "url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
                },
                {
                  "name": "http://mybboard.net/download/104",
                  "refsource": "CONFIRM",
                  "url": "http://mybboard.net/download/104"
                },
                {
                  "name": "ADV-2009-1653",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1653"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2230",
        "datePublished": "2009-06-26T18:00:00.000Z",
        "dateReserved": "2009-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0787 (GCVE-0-2008-0787)

    Vulnerability from cvelistv5 – Published: 2008-02-15 00:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.waraxe.us/advisory-64.html x_refsource_MISC
    http://www.securityfocus.com/bid/27378 vdb-entryx_refsource_BID
    http://secunia.com/advisories/28572/ third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/486763/100… mailing-listx_refsource_BUGTRAQ
    http://community.mybboard.net/showthread.php?tid=27675 x_refsource_CONFIRM
    http://www.securitytracker.com/id?1019257 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/5070 exploitx_refsource_EXPLOIT-DB
    http://www.vupen.com/english/advisories/2008/0238 vdb-entryx_refsource_VUPEN
    Date Public
    2008-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:38.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.waraxe.us/advisory-64.html"
              },
              {
                "name": "27378",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27378"
              },
              {
                "name": "28572",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28572/"
              },
              {
                "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/showthread.php?tid=27675"
              },
              {
                "name": "1019257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019257"
              },
              {
                "name": "5070",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5070"
              },
              {
                "name": "ADV-2008-0238",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.waraxe.us/advisory-64.html"
            },
            {
              "name": "27378",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27378"
            },
            {
              "name": "28572",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28572/"
            },
            {
              "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/showthread.php?tid=27675"
            },
            {
              "name": "1019257",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019257"
            },
            {
              "name": "5070",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5070"
            },
            {
              "name": "ADV-2008-0238",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.waraxe.us/advisory-64.html",
                  "refsource": "MISC",
                  "url": "http://www.waraxe.us/advisory-64.html"
                },
                {
                  "name": "27378",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27378"
                },
                {
                  "name": "28572",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28572/"
                },
                {
                  "name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
                },
                {
                  "name": "http://community.mybboard.net/showthread.php?tid=27675",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/showthread.php?tid=27675"
                },
                {
                  "name": "1019257",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019257"
                },
                {
                  "name": "5070",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5070"
                },
                {
                  "name": "ADV-2008-0238",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0787",
        "datePublished": "2008-02-15T00:00:00.000Z",
        "dateReserved": "2008-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:38.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0382 (GCVE-0-2008-0382)

    Vulnerability from cvelistv5 – Published: 2008-01-22 19:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/4928 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/28509 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/486434/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/27322 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/4927 exploitx_refsource_EXPLOIT-DB
    http://securityreason.com/securityalert/3559 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "4928",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4928"
              },
              {
                "name": "28509",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28509"
              },
              {
                "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
              },
              {
                "name": "27322",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27322"
              },
              {
                "name": "4927",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4927"
              },
              {
                "name": "3559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3559"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "4928",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4928"
            },
            {
              "name": "28509",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28509"
            },
            {
              "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
            },
            {
              "name": "27322",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27322"
            },
            {
              "name": "4927",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4927"
            },
            {
              "name": "3559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3559"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "4928",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4928"
                },
                {
                  "name": "28509",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28509"
                },
                {
                  "name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
                },
                {
                  "name": "27322",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27322"
                },
                {
                  "name": "4927",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4927"
                },
                {
                  "name": "3559",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3559"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0382",
        "datePublished": "2008-01-22T19:00:00.000Z",
        "dateReserved": "2008-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2211 (GCVE-0-2007-2211)

    Vulnerability from cvelistv5 – Published: 2007-04-24 20:00 – Updated: 2024-08-07 13:23
    VLAI
    Summary
    SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/23612 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/1510 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/24967 third-party-advisoryx_refsource_SECUNIA
    https://www.exploit-db.com/exploits/3780 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:23:51.041Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "23612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23612"
              },
              {
                "name": "ADV-2007-1510",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1510"
              },
              {
                "name": "24967",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24967"
              },
              {
                "name": "3780",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3780"
              },
              {
                "name": "mybb-calendar-sql-injection(33814)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "23612",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23612"
            },
            {
              "name": "ADV-2007-1510",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1510"
            },
            {
              "name": "24967",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24967"
            },
            {
              "name": "3780",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3780"
            },
            {
              "name": "mybb-calendar-sql-injection(33814)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2211",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "23612",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23612"
                },
                {
                  "name": "ADV-2007-1510",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1510"
                },
                {
                  "name": "24967",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24967"
                },
                {
                  "name": "3780",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3780"
                },
                {
                  "name": "mybb-calendar-sql-injection(33814)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2211",
        "datePublished": "2007-04-24T20:00:00.000Z",
        "dateReserved": "2007-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:23:51.041Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1964 (GCVE-0-2007-1964)

    Vulnerability from cvelistv5 – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/464267/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/2544 third-party-advisoryx_refsource_SREASON
    Date Public
    2007-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:42.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070330 Mybb Change Password Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
              },
              {
                "name": "mybb-debugmode-information-disclosure(33345)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
              },
              {
                "name": "2544",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2544"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070330 Mybb Change Password Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
            },
            {
              "name": "mybb-debugmode-information-disclosure(33345)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
            },
            {
              "name": "2544",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2544"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1964",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070330 Mybb Change Password Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
                },
                {
                  "name": "mybb-debugmode-information-disclosure(33345)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
                },
                {
                  "name": "2544",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2544"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1964",
        "datePublished": "2007-04-11T10:00:00.000Z",
        "dateReserved": "2007-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:42.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1963 (GCVE-0-2007-1963)

    Vulnerability from cvelistv5 – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://community.mybboard.net/showthread.php?tid=18002 x_refsource_CONFIRM
    http://secunia.com/advisories/24689 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/1244 vdb-entryx_refsource_VUPEN
    https://www.exploit-db.com/exploits/3653 exploitx_refsource_EXPLOIT-DB
    http://osvdb.org/34657 vdb-entryx_refsource_OSVDB
    http://community.mybboard.net/attachment.php?aid=5842 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/464563/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2007-04-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:42.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/showthread.php?tid=18002"
              },
              {
                "name": "24689",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24689"
              },
              {
                "name": "ADV-2007-1244",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1244"
              },
              {
                "name": "3653",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3653"
              },
              {
                "name": "34657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34657"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://community.mybboard.net/attachment.php?aid=5842"
              },
              {
                "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/showthread.php?tid=18002"
            },
            {
              "name": "24689",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24689"
            },
            {
              "name": "ADV-2007-1244",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1244"
            },
            {
              "name": "3653",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3653"
            },
            {
              "name": "34657",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34657"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://community.mybboard.net/attachment.php?aid=5842"
            },
            {
              "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1963",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://community.mybboard.net/showthread.php?tid=18002",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/showthread.php?tid=18002"
                },
                {
                  "name": "24689",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24689"
                },
                {
                  "name": "ADV-2007-1244",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1244"
                },
                {
                  "name": "3653",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3653"
                },
                {
                  "name": "34657",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34657"
                },
                {
                  "name": "http://community.mybboard.net/attachment.php?aid=5842",
                  "refsource": "CONFIRM",
                  "url": "http://community.mybboard.net/attachment.php?aid=5842"
                },
                {
                  "name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1963",
        "datePublished": "2007-04-11T10:00:00.000Z",
        "dateReserved": "2007-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:42.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4971 (GCVE-0-2006-4971)

    Vulnerability from cvelistv5 – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/3666 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/446093/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1628 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-3666",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3666"
              },
              {
                "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
              },
              {
                "name": "1628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1628"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-3666",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3666"
            },
            {
              "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
            },
            {
              "name": "1628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1628"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4971",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-3666",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3666"
                },
                {
                  "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
                },
                {
                  "name": "1628",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1628"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4971",
        "datePublished": "2006-09-25T01:00:00.000Z",
        "dateReserved": "2006-09-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4972 (GCVE-0-2006-4972)

    Vulnerability from cvelistv5 – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/3666 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/446093/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1628 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21972 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.919Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-3666",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3666"
              },
              {
                "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
              },
              {
                "name": "1628",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1628"
              },
              {
                "name": "21972",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21972"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-3666",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3666"
            },
            {
              "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
            },
            {
              "name": "1628",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1628"
            },
            {
              "name": "21972",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21972"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4972",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-3666",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3666"
                },
                {
                  "name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
                },
                {
                  "name": "1628",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1628"
                },
                {
                  "name": "21972",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21972"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4972",
        "datePublished": "2006-09-25T01:00:00.000Z",
        "dateReserved": "2006-09-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.919Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4707 (GCVE-0-2006-4707)

    Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/1540 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21697 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/3418 vdb-entryx_refsource_VUPEN
    http://myimei.com/security/2006-08-17/mybb-117-ad… x_refsource_MISC
    http://www.securityfocus.com/archive/1/444782/100… mailing-listx_refsource_BUGTRAQ
    http://www.mybboard.com/archive.php?nid=18 x_refsource_CONFIRM
    Date Public
    2006-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.006Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1540",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1540"
              },
              {
                "name": "21697",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21697"
              },
              {
                "name": "ADV-2006-3418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3418"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
              },
              {
                "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1540",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1540"
            },
            {
              "name": "21697",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21697"
            },
            {
              "name": "ADV-2006-3418",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3418"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
            },
            {
              "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4707",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1540",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1540"
                },
                {
                  "name": "21697",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21697"
                },
                {
                  "name": "ADV-2006-3418",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3418"
                },
                {
                  "name": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html",
                  "refsource": "MISC",
                  "url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
                },
                {
                  "name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=18",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4707",
        "datePublished": "2006-09-12T16:00:00.000Z",
        "dateReserved": "2006-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.006Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4706 (GCVE-0-2006-4706)

    Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21697 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/1541 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2006/3418 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/444807/100… mailing-listx_refsource_BUGTRAQ
    http://myimei.com/security/2006-08-15/mybb-117-ht… x_refsource_MISC
    http://www.mybboard.com/archive.php?nid=18 x_refsource_CONFIRM
    Date Public
    2006-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21697",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21697"
              },
              {
                "name": "1541",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1541"
              },
              {
                "name": "ADV-2006-3418",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3418"
              },
              {
                "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21697",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21697"
            },
            {
              "name": "1541",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1541"
            },
            {
              "name": "ADV-2006-3418",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3418"
            },
            {
              "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21697",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21697"
                },
                {
                  "name": "1541",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1541"
                },
                {
                  "name": "ADV-2006-3418",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3418"
                },
                {
                  "name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
                },
                {
                  "name": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html",
                  "refsource": "MISC",
                  "url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=18",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4706",
        "datePublished": "2006-09-12T16:00:00.000Z",
        "dateReserved": "2006-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4449 (GCVE-0-2006-4449)

    Vulnerability from cvelistv5 – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/444414/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1469 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/21645 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/19718 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.mybboard.com/archive.php?nid=18 x_refsource_CONFIRM
    Date Public
    2006-08-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:14:46.410Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060825 MyBB Html Injection ( XSS )",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
              },
              {
                "name": "1469",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1469"
              },
              {
                "name": "21645",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21645"
              },
              {
                "name": "19718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19718"
              },
              {
                "name": "mybb-attachment-xss(28587)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060825 MyBB Html Injection ( XSS )",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
            },
            {
              "name": "1469",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1469"
            },
            {
              "name": "21645",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21645"
            },
            {
              "name": "19718",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19718"
            },
            {
              "name": "mybb-attachment-xss(28587)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060825 MyBB Html Injection ( XSS )",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
                },
                {
                  "name": "1469",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1469"
                },
                {
                  "name": "21645",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21645"
                },
                {
                  "name": "19718",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19718"
                },
                {
                  "name": "mybb-attachment-xss(28587)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=18",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4449",
        "datePublished": "2006-08-30T01:00:00.000Z",
        "dateReserved": "2006-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:14:46.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3954 (GCVE-0-2006-3954)

    Vulnerability from cvelistv5 – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/441534/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/1319 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/19195 vdb-entryx_refsource_BID
    Date Public
    2006-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
              },
              {
                "name": "1319",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1319"
              },
              {
                "name": "19195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19195"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
            },
            {
              "name": "1319",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1319"
            },
            {
              "name": "19195",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19195"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
                },
                {
                  "name": "1319",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1319"
                },
                {
                  "name": "19195",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19195"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3954",
        "datePublished": "2006-08-01T21:00:00.000Z",
        "dateReserved": "2006-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3953 (GCVE-0-2006-3953)

    Vulnerability from cvelistv5 – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/441534/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/19193 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/1319 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
              },
              {
                "name": "19193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19193"
              },
              {
                "name": "1319",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1319"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
            },
            {
              "name": "19193",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19193"
            },
            {
              "name": "1319",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1319"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
                },
                {
                  "name": "19193",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19193"
                },
                {
                  "name": "1319",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1319"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3953",
        "datePublished": "2006-08-01T21:00:00.000Z",
        "dateReserved": "2006-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3775 (GCVE-0-2006-3775)

    Vulnerability from cvelistv5 – Published: 2006-07-21 18:00 – Updated: 2024-08-07 18:39
    VLAI
    Summary
    SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/21070 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/2811 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/1262 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/440163/100… mailing-listx_refsource_BUGTRAQ
    http://retrogod.altervista.org/mybb_115_sql.html x_refsource_MISC
    http://www.mybboard.com/archive.php?nid=16 x_refsource_CONFIRM
    Date Public
    2006-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:39:54.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21070",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21070"
              },
              {
                "name": "mybb-clientip-sql-injection(27752)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
              },
              {
                "name": "ADV-2006-2811",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2811"
              },
              {
                "name": "1262",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1262"
              },
              {
                "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://retrogod.altervista.org/mybb_115_sql.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mybboard.com/archive.php?nid=16"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21070",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21070"
            },
            {
              "name": "mybb-clientip-sql-injection(27752)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
            },
            {
              "name": "ADV-2006-2811",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2811"
            },
            {
              "name": "1262",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1262"
            },
            {
              "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://retrogod.altervista.org/mybb_115_sql.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mybboard.com/archive.php?nid=16"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21070",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21070"
                },
                {
                  "name": "mybb-clientip-sql-injection(27752)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
                },
                {
                  "name": "ADV-2006-2811",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2811"
                },
                {
                  "name": "1262",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1262"
                },
                {
                  "name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
                },
                {
                  "name": "http://retrogod.altervista.org/mybb_115_sql.html",
                  "refsource": "MISC",
                  "url": "http://retrogod.altervista.org/mybb_115_sql.html"
                },
                {
                  "name": "http://www.mybboard.com/archive.php?nid=16",
                  "refsource": "CONFIRM",
                  "url": "http://www.mybboard.com/archive.php?nid=16"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3775",
        "datePublished": "2006-07-21T18:00:00.000Z",
        "dateReserved": "2006-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:39:54.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }