Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
120 vulnerabilities by mybulletinboard
CVE-2009-2230 (GCVE-0-2009-2230)
Vulnerability from nvd – Published: 2009-06-26 18:00 – Updated: 2024-08-07 05:44
VLAI
Summary
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35458 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/9001 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/35517 | third-party-advisoryx_refsource_SECUNIA |
| http://blog.mybboard.net/2009/06/15/mybb-147-rele… | x_refsource_CONFIRM |
| http://mybboard.net/download/104 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/1653 | vdb-entryx_refsource_VUPEN |
Date Public
2009-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35458"
},
{
"name": "9001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9001"
},
{
"name": "35517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mybboard.net/download/104"
},
{
"name": "ADV-2009-1653",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35458"
},
{
"name": "9001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9001"
},
{
"name": "35517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mybboard.net/download/104"
},
{
"name": "ADV-2009-1653",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35458"
},
{
"name": "9001",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9001"
},
{
"name": "35517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35517"
},
{
"name": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/",
"refsource": "CONFIRM",
"url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
},
{
"name": "http://mybboard.net/download/104",
"refsource": "CONFIRM",
"url": "http://mybboard.net/download/104"
},
{
"name": "ADV-2009-1653",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2230",
"datePublished": "2009-06-26T18:00:00.000Z",
"dateReserved": "2009-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0787 (GCVE-0-2008-0787)
Vulnerability from nvd – Published: 2008-02-15 00:00 – Updated: 2024-08-07 08:01
VLAI
Summary
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.waraxe.us/advisory-64.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/27378 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/28572/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/486763/100… | mailing-listx_refsource_BUGTRAQ |
| http://community.mybboard.net/showthread.php?tid=27675 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1019257 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/5070 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2008/0238 | vdb-entryx_refsource_VUPEN |
Date Public
2008-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:38.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-64.html"
},
{
"name": "27378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27378"
},
{
"name": "28572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28572/"
},
{
"name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/showthread.php?tid=27675"
},
{
"name": "1019257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019257"
},
{
"name": "5070",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5070"
},
{
"name": "ADV-2008-0238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-64.html"
},
{
"name": "27378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27378"
},
{
"name": "28572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28572/"
},
{
"name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/showthread.php?tid=27675"
},
{
"name": "1019257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019257"
},
{
"name": "5070",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5070"
},
{
"name": "ADV-2008-0238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-64.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-64.html"
},
{
"name": "27378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27378"
},
{
"name": "28572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28572/"
},
{
"name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=27675",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=27675"
},
{
"name": "1019257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019257"
},
{
"name": "5070",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5070"
},
{
"name": "ADV-2008-0238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0787",
"datePublished": "2008-02-15T00:00:00.000Z",
"dateReserved": "2008-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:38.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0382 (GCVE-0-2008-0382)
Vulnerability from nvd – Published: 2008-01-22 19:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4928 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/28509 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/486434/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/27322 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4927 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/3559 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4928",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4928"
},
{
"name": "28509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28509"
},
{
"name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
},
{
"name": "27322",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27322"
},
{
"name": "4927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4927"
},
{
"name": "3559",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4928",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4928"
},
{
"name": "28509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28509"
},
{
"name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
},
{
"name": "27322",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27322"
},
{
"name": "4927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4927"
},
{
"name": "3559",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4928",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4928"
},
{
"name": "28509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28509"
},
{
"name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
},
{
"name": "27322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27322"
},
{
"name": "4927",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4927"
},
{
"name": "3559",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0382",
"datePublished": "2008-01-22T19:00:00.000Z",
"dateReserved": "2008-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:55.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2211 (GCVE-0-2007-2211)
Vulnerability from nvd – Published: 2007-04-24 20:00 – Updated: 2024-08-07 13:23
VLAI
Summary
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23612 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1510 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/24967 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/3780 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2211",
"datePublished": "2007-04-24T20:00:00.000Z",
"dateReserved": "2007-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:51.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1964 (GCVE-0-2007-1964)
Vulnerability from nvd – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
VLAI
Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/464267/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2544 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1964",
"datePublished": "2007-04-11T10:00:00.000Z",
"dateReserved": "2007-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:42.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1963 (GCVE-0-2007-1963)
Vulnerability from nvd – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
VLAI
Summary
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://community.mybboard.net/showthread.php?tid=18002 | x_refsource_CONFIRM |
| http://secunia.com/advisories/24689 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1244 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/3653 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/34657 | vdb-entryx_refsource_OSVDB |
| http://community.mybboard.net/attachment.php?aid=5842 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/464563/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/showthread.php?tid=18002"
},
{
"name": "24689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24689"
},
{
"name": "ADV-2007-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1244"
},
{
"name": "3653",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3653"
},
{
"name": "34657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/attachment.php?aid=5842"
},
{
"name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/showthread.php?tid=18002"
},
{
"name": "24689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24689"
},
{
"name": "ADV-2007-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1244"
},
{
"name": "3653",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3653"
},
{
"name": "34657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/attachment.php?aid=5842"
},
{
"name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://community.mybboard.net/showthread.php?tid=18002",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=18002"
},
{
"name": "24689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24689"
},
{
"name": "ADV-2007-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1244"
},
{
"name": "3653",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3653"
},
{
"name": "34657",
"refsource": "OSVDB",
"url": "http://osvdb.org/34657"
},
{
"name": "http://community.mybboard.net/attachment.php?aid=5842",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/attachment.php?aid=5842"
},
{
"name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1963",
"datePublished": "2007-04-11T10:00:00.000Z",
"dateReserved": "2007-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:42.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4971 (GCVE-0-2006-4971)
Vulnerability from nvd – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
VLAI
Summary
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3666 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/446093/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1628 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4971",
"datePublished": "2006-09-25T01:00:00.000Z",
"dateReserved": "2006-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:22.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4972 (GCVE-0-2006-4972)
Vulnerability from nvd – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
VLAI
Summary
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3666 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/446093/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1628 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21972 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1628"
},
{
"name": "21972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1628"
},
{
"name": "21972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1628"
},
{
"name": "21972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4972",
"datePublished": "2006-09-25T01:00:00.000Z",
"dateReserved": "2006-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:22.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4707 (GCVE-0-2006-4707)
Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1540 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21697 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3418 | vdb-entryx_refsource_VUPEN |
| http://myimei.com/security/2006-08-17/mybb-117-ad… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/444782/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.mybboard.com/archive.php?nid=18 | x_refsource_CONFIRM |
Date Public
2006-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1540",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1540",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1540",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4707",
"datePublished": "2006-09-12T16:00:00.000Z",
"dateReserved": "2006-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4706 (GCVE-0-2006-4706)
Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21697 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1541 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/3418 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/444807/100… | mailing-listx_refsource_BUGTRAQ |
| http://myimei.com/security/2006-08-15/mybb-117-ht… | x_refsource_MISC |
| http://www.mybboard.com/archive.php?nid=18 | x_refsource_CONFIRM |
Date Public
2006-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "1541",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1541"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "1541",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1541"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21697"
},
{
"name": "1541",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1541"
},
{
"name": "ADV-2006-3418",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
},
{
"name": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4706",
"datePublished": "2006-09-12T16:00:00.000Z",
"dateReserved": "2006-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4449 (GCVE-0-2006-4449)
Vulnerability from nvd – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/444414/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1469 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21645 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19718 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mybboard.com/archive.php?nid=18 | x_refsource_CONFIRM |
Date Public
2006-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060825 MyBB Html Injection ( XSS )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
},
{
"name": "1469",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1469"
},
{
"name": "21645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060825 MyBB Html Injection ( XSS )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
},
{
"name": "1469",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1469"
},
{
"name": "21645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060825 MyBB Html Injection ( XSS )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
},
{
"name": "1469",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1469"
},
{
"name": "21645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4449",
"datePublished": "2006-08-30T01:00:00.000Z",
"dateReserved": "2006-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3954 (GCVE-0-2006-3954)
Vulnerability from nvd – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/441534/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1319 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/19195 | vdb-entryx_refsource_BID |
Date Public
2006-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1319"
},
{
"name": "19195",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1319"
},
{
"name": "19195",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "1319",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1319"
},
{
"name": "19195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3954",
"datePublished": "2006-08-01T21:00:00.000Z",
"dateReserved": "2006-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3953 (GCVE-0-2006-3953)
Vulnerability from nvd – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/441534/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/19193 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1319 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "19193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19193"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "19193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19193"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "19193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19193"
},
{
"name": "1319",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3953",
"datePublished": "2006-08-01T21:00:00.000Z",
"dateReserved": "2006-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3775 (GCVE-0-2006-3775)
Vulnerability from nvd – Published: 2006-07-21 18:00 – Updated: 2024-08-07 18:39
VLAI
Summary
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21070 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2811 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/1262 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/440163/100… | mailing-listx_refsource_BUGTRAQ |
| http://retrogod.altervista.org/mybb_115_sql.html | x_refsource_MISC |
| http://www.mybboard.com/archive.php?nid=16 | x_refsource_CONFIRM |
Date Public
2006-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21070"
},
{
"name": "mybb-clientip-sql-injection(27752)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
},
{
"name": "ADV-2006-2811",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2811"
},
{
"name": "1262",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1262"
},
{
"name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/mybb_115_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21070"
},
{
"name": "mybb-clientip-sql-injection(27752)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
},
{
"name": "ADV-2006-2811",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2811"
},
{
"name": "1262",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1262"
},
{
"name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/mybb_115_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21070"
},
{
"name": "mybb-clientip-sql-injection(27752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
},
{
"name": "ADV-2006-2811",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2811"
},
{
"name": "1262",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1262"
},
{
"name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/mybb_115_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybb_115_sql.html"
},
{
"name": "http://www.mybboard.com/archive.php?nid=16",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3775",
"datePublished": "2006-07-21T18:00:00.000Z",
"dateReserved": "2006-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3760 (GCVE-0-2006-3760)
Vulnerability from nvd – Published: 2006-07-21 00:00 – Updated: 2024-08-07 18:39
VLAI
Summary
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://community.mybboard.net/showthread.php?tid=10115 | x_refsource_CONFIRM |
| http://www.osvdb.org/26811 | vdb-entryx_refsource_OSVDB |
| http://www.mybboard.com/archive.php?nid=15 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/20873 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-06-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name": "26811",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-unspecified-sql-injection(27483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
},
{
"name": "20873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name": "26811",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-unspecified-sql-injection(27483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
},
{
"name": "20873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://community.mybboard.net/showthread.php?tid=10115",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name": "26811",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26811"
},
{
"name": "http://www.mybboard.com/archive.php?nid=15",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-unspecified-sql-injection(27483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
},
{
"name": "20873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3760",
"datePublished": "2006-07-21T00:00:00.000Z",
"dateReserved": "2006-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3758 (GCVE-0-2006-3758)
Vulnerability from nvd – Published: 2006-07-21 00:00 – Updated: 2024-08-07 18:39
VLAI
Summary
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://community.mybboard.net/showthread.php?tid=10115 | x_refsource_CONFIRM |
| http://www.mybboard.com/archive.php?nid=15 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/26809 | vdb-entryx_refsource_OSVDB |
| http://myimei.com/security/2006-06-24/mybb104arch… | x_refsource_MISC |
| http://secunia.com/advisories/20873 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-06-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-index-sql-injection(27445)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
},
{
"name": "26809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26809"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
},
{
"name": "20873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-index-sql-injection(27445)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
},
{
"name": "26809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26809"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
},
{
"name": "20873",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://community.mybboard.net/showthread.php?tid=10115",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name": "http://www.mybboard.com/archive.php?nid=15",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-index-sql-injection(27445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27445"
},
{
"name": "26809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26809"
},
{
"name": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-06-24/mybb104archive-modelight-parameter-extractionvarable-overwriting.html"
},
{
"name": "20873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3758",
"datePublished": "2006-07-21T00:00:00.000Z",
"dateReserved": "2006-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2230 (GCVE-0-2009-2230)
Vulnerability from cvelistv5 – Published: 2009-06-26 18:00 – Updated: 2024-08-07 05:44
VLAI
Summary
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35458 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/9001 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/35517 | third-party-advisoryx_refsource_SECUNIA |
| http://blog.mybboard.net/2009/06/15/mybb-147-rele… | x_refsource_CONFIRM |
| http://mybboard.net/download/104 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/1653 | vdb-entryx_refsource_VUPEN |
Date Public
2009-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35458"
},
{
"name": "9001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9001"
},
{
"name": "35517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mybboard.net/download/104"
},
{
"name": "ADV-2009-1653",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35458"
},
{
"name": "9001",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9001"
},
{
"name": "35517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mybboard.net/download/104"
},
{
"name": "ADV-2009-1653",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35458"
},
{
"name": "9001",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9001"
},
{
"name": "35517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35517"
},
{
"name": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/",
"refsource": "CONFIRM",
"url": "http://blog.mybboard.net/2009/06/15/mybb-147-released-security-update/"
},
{
"name": "http://mybboard.net/download/104",
"refsource": "CONFIRM",
"url": "http://mybboard.net/download/104"
},
{
"name": "ADV-2009-1653",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2230",
"datePublished": "2009-06-26T18:00:00.000Z",
"dateReserved": "2009-06-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:44:55.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0787 (GCVE-0-2008-0787)
Vulnerability from cvelistv5 – Published: 2008-02-15 00:00 – Updated: 2024-08-07 08:01
VLAI
Summary
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.waraxe.us/advisory-64.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/27378 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/28572/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/486763/100… | mailing-listx_refsource_BUGTRAQ |
| http://community.mybboard.net/showthread.php?tid=27675 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1019257 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/5070 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2008/0238 | vdb-entryx_refsource_VUPEN |
Date Public
2008-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:38.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-64.html"
},
{
"name": "27378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27378"
},
{
"name": "28572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28572/"
},
{
"name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/showthread.php?tid=27675"
},
{
"name": "1019257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019257"
},
{
"name": "5070",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5070"
},
{
"name": "ADV-2008-0238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-64.html"
},
{
"name": "27378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27378"
},
{
"name": "28572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28572/"
},
{
"name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/showthread.php?tid=27675"
},
{
"name": "1019257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019257"
},
{
"name": "5070",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5070"
},
{
"name": "ADV-2008-0238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-64.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-64.html"
},
{
"name": "27378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27378"
},
{
"name": "28572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28572/"
},
{
"name": "20080121 [waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486763/100/200/threaded"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=27675",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=27675"
},
{
"name": "1019257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019257"
},
{
"name": "5070",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5070"
},
{
"name": "ADV-2008-0238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0787",
"datePublished": "2008-02-15T00:00:00.000Z",
"dateReserved": "2008-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:38.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0382 (GCVE-0-2008-0382)
Vulnerability from cvelistv5 – Published: 2008-01-22 19:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/4928 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/28509 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/486434/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/27322 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/4927 | exploitx_refsource_EXPLOIT-DB |
| http://securityreason.com/securityalert/3559 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:55.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4928",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4928"
},
{
"name": "28509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28509"
},
{
"name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
},
{
"name": "27322",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27322"
},
{
"name": "4927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4927"
},
{
"name": "3559",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4928",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4928"
},
{
"name": "28509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28509"
},
{
"name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
},
{
"name": "27322",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27322"
},
{
"name": "4927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4927"
},
{
"name": "3559",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4928",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4928"
},
{
"name": "28509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28509"
},
{
"name": "20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486434/100/0/threaded"
},
{
"name": "27322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27322"
},
{
"name": "4927",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4927"
},
{
"name": "3559",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0382",
"datePublished": "2008-01-22T19:00:00.000Z",
"dateReserved": "2008-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:55.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2211 (GCVE-0-2007-2211)
Vulnerability from cvelistv5 – Published: 2007-04-24 20:00 – Updated: 2024-08-07 13:23
VLAI
Summary
SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/23612 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2007/1510 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/24967 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/3780 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2007-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:51.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2211",
"datePublished": "2007-04-24T20:00:00.000Z",
"dateReserved": "2007-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:23:51.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1964 (GCVE-0-2007-1964)
Vulnerability from cvelistv5 – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
VLAI
Summary
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/464267/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2544 | third-party-advisoryx_refsource_SREASON |
Date Public
2007-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2544"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account\u0027s registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1964",
"datePublished": "2007-04-11T10:00:00.000Z",
"dateReserved": "2007-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:42.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1963 (GCVE-0-2007-1963)
Vulnerability from cvelistv5 – Published: 2007-04-11 10:00 – Updated: 2024-08-07 13:13
VLAI
Summary
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://community.mybboard.net/showthread.php?tid=18002 | x_refsource_CONFIRM |
| http://secunia.com/advisories/24689 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/1244 | vdb-entryx_refsource_VUPEN |
| https://www.exploit-db.com/exploits/3653 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/34657 | vdb-entryx_refsource_OSVDB |
| http://community.mybboard.net/attachment.php?aid=5842 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/464563/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-04-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/showthread.php?tid=18002"
},
{
"name": "24689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24689"
},
{
"name": "ADV-2007-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1244"
},
{
"name": "3653",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3653"
},
{
"name": "34657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://community.mybboard.net/attachment.php?aid=5842"
},
{
"name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/showthread.php?tid=18002"
},
{
"name": "24689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24689"
},
{
"name": "ADV-2007-1244",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1244"
},
{
"name": "3653",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3653"
},
{
"name": "34657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://community.mybboard.net/attachment.php?aid=5842"
},
{
"name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://community.mybboard.net/showthread.php?tid=18002",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=18002"
},
{
"name": "24689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24689"
},
{
"name": "ADV-2007-1244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1244"
},
{
"name": "3653",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3653"
},
{
"name": "34657",
"refsource": "OSVDB",
"url": "http://osvdb.org/34657"
},
{
"name": "http://community.mybboard.net/attachment.php?aid=5842",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/attachment.php?aid=5842"
},
{
"name": "20070403 MyBulletinBoard (MyBB) \u003c= 1.2.3 Remote Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464563/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1963",
"datePublished": "2007-04-11T10:00:00.000Z",
"dateReserved": "2007-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:13:42.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4971 (GCVE-0-2006-4971)
Vulnerability from cvelistv5 – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
VLAI
Summary
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3666 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/446093/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1628 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4971",
"datePublished": "2006-09-25T01:00:00.000Z",
"dateReserved": "2006-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:22.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4972 (GCVE-0-2006-4972)
Vulnerability from cvelistv5 – Published: 2006-09-25 01:00 – Updated: 2024-08-07 19:32
VLAI
Summary
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/3666 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/446093/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1628 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21972 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1628"
},
{
"name": "21972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3666",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1628"
},
{
"name": "21972",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3666",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3666"
},
{
"name": "20060915 MyBB Full path and Cross site scripting vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446093/100/0/threaded"
},
{
"name": "1628",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1628"
},
{
"name": "21972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4972",
"datePublished": "2006-09-25T01:00:00.000Z",
"dateReserved": "2006-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:32:22.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4707 (GCVE-0-2006-4707)
Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/1540 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21697 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3418 | vdb-entryx_refsource_VUPEN |
| http://myimei.com/security/2006-08-17/mybb-117-ad… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/444782/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.mybboard.com/archive.php?nid=18 | x_refsource_CONFIRM |
Date Public
2006-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1540",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1540",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1540",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4707",
"datePublished": "2006-09-12T16:00:00.000Z",
"dateReserved": "2006-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4706 (GCVE-0-2006-4706)
Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21697 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/1541 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/3418 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/444807/100… | mailing-listx_refsource_BUGTRAQ |
| http://myimei.com/security/2006-08-15/mybb-117-ht… | x_refsource_MISC |
| http://www.mybboard.com/archive.php?nid=18 | x_refsource_CONFIRM |
Date Public
2006-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "1541",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1541"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21697",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21697"
},
{
"name": "1541",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1541"
},
{
"name": "ADV-2006-3418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using \"java\u0026 #115;cript,\" a different vulnerability than CVE-2006-3761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21697"
},
{
"name": "1541",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1541"
},
{
"name": "ADV-2006-3418",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444807/100/100/threaded"
},
{
"name": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-08-15/mybb-117-htmlspeacialchar_uni-fixjavascript-functions_postphp-urlxss-attack.html"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4706",
"datePublished": "2006-09-12T16:00:00.000Z",
"dateReserved": "2006-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4449 (GCVE-0-2006-4449)
Vulnerability from cvelistv5 – Published: 2006-08-30 01:00 – Updated: 2024-08-07 19:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/444414/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1469 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/21645 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/19718 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mybboard.com/archive.php?nid=18 | x_refsource_CONFIRM |
Date Public
2006-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060825 MyBB Html Injection ( XSS )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
},
{
"name": "1469",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1469"
},
{
"name": "21645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060825 MyBB Html Injection ( XSS )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
},
{
"name": "1469",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1469"
},
{
"name": "21645",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060825 MyBB Html Injection ( XSS )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
},
{
"name": "1469",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1469"
},
{
"name": "21645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4449",
"datePublished": "2006-08-30T01:00:00.000Z",
"dateReserved": "2006-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:46.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3954 (GCVE-0-2006-3954)
Vulnerability from cvelistv5 – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/441534/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1319 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/19195 | vdb-entryx_refsource_BID |
Date Public
2006-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1319"
},
{
"name": "19195",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1319"
},
{
"name": "19195",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "1319",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1319"
},
{
"name": "19195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3954",
"datePublished": "2006-08-01T21:00:00.000Z",
"dateReserved": "2006-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3953 (GCVE-0-2006-3953)
Vulnerability from cvelistv5 – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/441534/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/19193 | vdb-entryx_refsource_BID |
| http://securityreason.com/securityalert/1319 | third-party-advisoryx_refsource_SREASON |
Date Public
2006-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "19193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19193"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "19193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19193"
},
{
"name": "1319",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060729 [KAPDA::#53] MYBB XSS and Dir Traversal in usercp.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441534/100/0/threaded"
},
{
"name": "19193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19193"
},
{
"name": "1319",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3953",
"datePublished": "2006-08-01T21:00:00.000Z",
"dateReserved": "2006-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3775 (GCVE-0-2006-3775)
Vulnerability from cvelistv5 – Published: 2006-07-21 18:00 – Updated: 2024-08-07 18:39
VLAI
Summary
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21070 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/2811 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/1262 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/440163/100… | mailing-listx_refsource_BUGTRAQ |
| http://retrogod.altervista.org/mybb_115_sql.html | x_refsource_MISC |
| http://www.mybboard.com/archive.php?nid=16 | x_refsource_CONFIRM |
Date Public
2006-07-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21070"
},
{
"name": "mybb-clientip-sql-injection(27752)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
},
{
"name": "ADV-2006-2811",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2811"
},
{
"name": "1262",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1262"
},
{
"name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/mybb_115_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mybboard.com/archive.php?nid=16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21070"
},
{
"name": "mybb-clientip-sql-injection(27752)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
},
{
"name": "ADV-2006-2811",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2811"
},
{
"name": "1262",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1262"
},
{
"name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/mybb_115_sql.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mybboard.com/archive.php?nid=16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER[\u0027HTTP_CLIENT_IP\u0027] variable), as utilized by index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21070"
},
{
"name": "mybb-clientip-sql-injection(27752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27752"
},
{
"name": "ADV-2006-2811",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2811"
},
{
"name": "1262",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1262"
},
{
"name": "20060715 MyBulletinBoard (MyBB) 1.1.5 \u0027CLIENT-IP\u0027 sql injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440163/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/mybb_115_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/mybb_115_sql.html"
},
{
"name": "http://www.mybboard.com/archive.php?nid=16",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3775",
"datePublished": "2006-07-21T18:00:00.000Z",
"dateReserved": "2006-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:54.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}