Vendor Dictionary: MyBB Group

MyBB Group

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

MyBB Group

MyBB Group

MyBB: 1.0 PR2; OSVDB ID: 20700 MyBulletinBoard (MyBB) usercp.php awayday Parameter SQL Injection; RC4; OSVDB ID: 20700 MyBulletinBoard (MyBB) usercp.php awayday Parameter SQL Injection; 1.0.2; OSVDB ID: 22628 MyBulletinBoard (MyBB) Allow HTML in Signatures Script Insertion; OSVDB ID: 22750 MyBulletinBoard (MyBB) search.php Multiple Parameter XSS; OSVDB ID: 22736 MyBulletinBoard (MyBB) search.php SQL Error Message Table Prefix Disclosure; 1.02; OSVDB ID: 22903 MyBulletinBoard (MyBB) global.php templatelist Parameter SQL Injection; 1.0.4; OSVDB ID: 23264 MyBulletinBoard (MyBB) calendar.php Advanced Details Link XSS; OSVDB ID: 23935 MyBulletinBoard (MyBB) member.php Multiple Parameter XSS; 1.0.3; OSVDB ID: 23935 MyBulletinBoard (MyBB) member.php Multiple Parameter XSS; 1.10; OSVDB ID: 24375 MyBulletinBoard (MyBB) Multiple BBcode Tag XSS; 1.1.0; OSVDB ID: 24711 MyBulletinBoard (MyBB) inc/init.php Variable Overwrite; OSVDB ID: 24710 MyBulletinBoard (MyBB) global.php Variable Overwrite; 1.1.1; OSVDB ID: 24711 MyBulletinBoard (MyBB) inc/init.php Variable Overwrite; OSVDB ID: 24710 MyBulletinBoard (MyBB) global.php Variable Overwrite; 1.1.4; OSVDB ID: 26810 MyBulletinBoard (MyBB) Unspecified User Group Manipulation; 1.1.7; OSVDB ID: 28310 MyBulletinBoard (MyBB) Crafted url BBCode Tag XSS; OSVDB ID: 28311 MyBulletinBoard (MyBB) admin/index.php XSS; 1.4.11; OSVDB ID: 63841 MyBB Password Reset Email BCC Header Injection; OSVDB ID: 63839 MyBB Password Reset mt_rand() Token Generation Weakness; OSVDB ID: 63840 MyBB usercp2.php CSRF; OSVDB ID: 70275 MyBB Moderated Group Join Request Guest Access Remote DoS; OSVDB ID: 70276 MyBB member.php SQL COUNT Function Call User Table scan Remote DoS; OSVDB ID: 70277 MyBB Portal Page Latest Threads Block Remote Information Disclosure; OSVDB ID: 70278 MyBB Post Editing [img] MyCodes Quantity Restriction Bypass; 1.6; OSVDB ID: 69980 MyBB newreply.php posthash Parameter XSS; OSVDB ID: 69979 MyBB member.php url Parameter XSS; OSVDB ID: 70014 MyBB private.php keywords Parameter SQL Injection; OSVDB ID: 70013 MyBB search.php keywords Parameter SQL Injection; 1.6; OSVDB ID: 70279 MyBB editpost.php Unspecified Parameter XSS; 1.6; OSVDB ID: 71314 MyBB forumdisplay.php mybb[forumread] Cookie Malformed Input Path Disclosure; 1.6.2; OSVDB ID: 71874 MyBB showthread.php mybb[forumread] Cookie SQL Injection; OSVDB ID: 71875 MyBB Malformed Search Query SQL Error Message Information Disclosure; 1.4.15; OSVDB ID: 71874 MyBB showthread.php mybb[forumread] Cookie SQL Injection; OSVDB ID: 71875 MyBB Malformed Search Query SQL Error Message Information Disclosure; 1.6.2; 1.4.15; 1.6.6; OSVDB ID: 80633 MyBB index.php conditions[usergroup][] Parameter XSS; OSVDB ID: 80634 MyBB index.php conditions[usergroup][] Parameter SQL Injection; 1.6.6; OSVDB ID: 81776 MyBB Admin Control Panel (ACP) User Search SQL Injection; 1.6.6; OSVDB ID: 81777 MyBB Admin Control Panel (ACP) Mail Log SQL Injection; 1.6.6; OSVDB ID: 81778 MyBB Admin Control Panel (ACP) User Inline Moderation SQL Injection; 1.6.6; OSVDB ID: 81779 MyBB Admin Control Panel (ACP) Orphaned Attachment Filename XSS; 1.6.6; OSVDB ID: 81780 MyBB Forumread Cookie Malformed Input Path Disclosure; 1.6.8; OSVDB ID: 82810 MyBB member.php uid Parameter SQL Injection; OSVDB ID: 88485 MyBB editpost.php posthash Parameter SQL Injection; 1.6.5; OSVDB ID: 79132 MyBB Akismet Plugin Unspecified XSS; OSVDB ID: 79133 MyBB User Control Panel Forum Subscriptions Unspecified XSS; OSVDB ID: 79134 MyBB Moderator Control Panel Moderator Logs Unspecified XSS; OSVDB ID: 79135 MyBB Edit Post Unspecified XSS; OSVDB ID: 79136 MyBB Moderator Control Panel Announcement Editing Unspecified XSS; OSVDB ID: 79131 MyBB Calendar Event Moving Unspecified XSS; OSVDB ID: 79130 MyBB Multiple Function CSRF; 1.6.8; OSVDB ID: 88484 MyBB CAPTCHA System Unspecified Brute Force Weakness; 1.6.8; 1.6.9; OSVDB ID: 92683 MyBB Database Optimization Unspecified SQL Injection; OSVDB ID: 92686 MyBB View Only Own Threads Flag Permission Verification Information Disclosure; 1.6.9; OSVDB ID: 92684 MyBB Database Backup Creation Unspecified SQL Injection; 1.6.9; OSVDB ID: 92685 MyBB Theme Name XSS; 1.6.9; 1.6.09; OSVDB ID: 92687 MyBB Debug Page Unspecified XSS; 1.6.09; OSVDB ID: 92688 MyBB modcp.php Unspecified Input Validation Issue; 1.6.09; OSVDB ID: 92689 MyBB calendar.php Unspecified Input Validation Issue

DevBB: 1.0.0; OSVDB ID: 24994 DevBB member.php member Parameter XSS

MyBulletinBoard: PR2 Rev.686; OSVDB ID: 21600 MyBulletinBoard (MyBB) calendar.php Multiple Variable POST Method SQL Injection; OSVDB ID: 22158 MyBulletinBoard (MyBB) ratethread.php rating Variable POST Method SQL Injection; OSVDB ID: 22157 MyBulletinBoard (MyBB) member.php rating Variable POST Method SQL Injection; 1.03; OSVDB ID: 22957 MyBulletinBoard (MyBB) moderation.php posts Parameter SQL Injection; 1.0 PR2 Rev.686; OSVDB ID: 21601 MyBulletinBoard (MyBB) printthread.php Message XSS; OSVDB ID: 24380 MyBulletinBoard (MyBB) Multiple Unspecified Issues; OSVDB ID: 22156 MyBulletinBoard (MyBB) usercp.php Multiple Variable POST Method SQL Injection; OSVDB ID: 22159 MyBulletinBoard (MyBB) function_upload.php SQL Injection; 1.0 PR2; OSVDB ID: 21601 MyBulletinBoard (MyBB) printthread.php Message XSS; OSVDB ID: 24380 MyBulletinBoard (MyBB) Multiple Unspecified Issues; OSVDB ID: 22156 MyBulletinBoard (MyBB) usercp.php Multiple Variable POST Method SQL Injection; OSVDB ID: 22159 MyBulletinBoard (MyBB) function_upload.php SQL Injection; 1.0; OSVDB ID: 21601 MyBulletinBoard (MyBB) printthread.php Message XSS; OSVDB ID: 24380 MyBulletinBoard (MyBB) Multiple Unspecified Issues; OSVDB ID: 22156 MyBulletinBoard (MyBB) usercp.php Multiple Variable POST Method SQL Injection; OSVDB ID: 22159 MyBulletinBoard (MyBB) function_upload.php SQL Injection; 1.0.1; OSVDB ID: 21601 MyBulletinBoard (MyBB) printthread.php Message XSS; OSVDB ID: 24380 MyBulletinBoard (MyBB) Multiple Unspecified Issues; OSVDB ID: 22156 MyBulletinBoard (MyBB) usercp.php Multiple Variable POST Method SQL Injection; OSVDB ID: 22159 MyBulletinBoard (MyBB) function_upload.php SQL Injection; 1.1.3; OSVDB ID: 26807 MyBulletinBoard (MyBB) editpost.php CSRF; 1.1.4; OSVDB ID: 26807 MyBulletinBoard (MyBB) editpost.php CSRF; OSVDB ID: 26811 MyBulletinBoard (MyBB) Unspecified SQL Injection

Profile Albums Plugin for MyBB: 0.9; OSVDB ID: 86498 Profile Albums Plugin for MyBB albums.php album Parameter SQL Injection

MyBulletinBoard (MyBB): 1.00 RC4; OSVDB ID: 17008 MyBulletinBoard (MyBB) misc.php Multiple Parameter XSS; OSVDB ID: 17009 MyBulletinBoard (MyBB) forumdisplay.php Multiple Parameter XSS; OSVDB ID: 17010 MyBulletinBoard (MyBB) member.php Multiple Parameter XSS; OSVDB ID: 17011 MyBulletinBoard (MyBB) memberlist.php Multiple Parameter XSS; OSVDB ID: 17012 MyBulletinBoard (MyBB) showthread.php Multiple Parameter XSS; OSVDB ID: 17013 MyBulletinBoard (MyBB) printthread.php tid Parameter XSS; OSVDB ID: 17015 MyBulletinBoard (MyBB) online.php pidsql Parameter SQL Injection; OSVDB ID: 17016 MyBulletinBoard (MyBB) memberlist.php usersearch Parameter SQL Injection; OSVDB ID: 17017 MyBulletinBoard (MyBB) editpost.php pid Parameter SQL Injection; OSVDB ID: 17018 MyBulletinBoard (MyBB) forumdisplay.php fid Parameter SQL Injection; OSVDB ID: 17019 MyBulletinBoard (MyBB) newreply.php tid Parameter SQL Injection; OSVDB ID: 17020 MyBulletinBoard (MyBB) search.php sid Parameter SQL Injection; OSVDB ID: 17021 MyBulletinBoard (MyBB) showthread.php Multiple Parameter SQL Injection; OSVDB ID: 17022 MyBulletinBoard (MyBB) usercp2.php tid Parameter SQL Injection; OSVDB ID: 17023 MyBulletinBoard (MyBB) printthread.php tid Parameter SQL Injection; OSVDB ID: 17024 MyBulletinBoard (MyBB) reputation.php pid Parameter SQL Injection; OSVDB ID: 17025 MyBulletinBoard (MyBB) portal.php username Parameter SQL Injection; OSVDB ID: 17026 MyBulletinBoard (MyBB) polls.php tid Parameter SQL Injection; OSVDB ID: 17027 MyBulletinBoard (MyBB) ratethread.php tid Parameter SQL Injection; OSVDB ID: 17014 MyBulletinBoard (MyBB) calendar.php eid Parameter SQL Injection; 1.0 RC4; OSVDB ID: 16934 MyBulletinBoard (MyBB) usercp.php User Profile website Field XSS; 1.0 RC3; OSVDB ID: 16934 MyBulletinBoard (MyBB) usercp.php User Profile website Field XSS; 1.0 RC2; OSVDB ID: 16934 MyBulletinBoard (MyBB) usercp.php User Profile website Field XSS; 1.0 RC1; OSVDB ID: 16934 MyBulletinBoard (MyBB) usercp.php User Profile website Field XSS; 1.0; OSVDB ID: 16934 MyBulletinBoard (MyBB) usercp.php User Profile website Field XSS; 1.0 RC4; OSVDB ID: 19030 MyBulletinBoard (MyBB) index.php Username Parameter SQL Injection; OSVDB ID: 19032 MyBulletinBoard (MyBB) polls.php polloptions Parameter SQL Injection; OSVDB ID: 19033 MyBulletinBoard (MyBB) search.php action Parameter SQL Injection; OSVDB ID: 19031 MyBulletinBoard (MyBB) member.php Multiple Parameter SQL Injection; 1.1.1; OSVDB ID: 25074 MyBulletinBoard (MyBB) admin/adminfunctions.php querystring Parameter SQL Injection; OSVDB ID: 25075 MyBulletinBoard (MyBB) admin/templates.php Multiple Parameter SQL Injection; OSVDB ID: 25674 MyBulletinBoard (MyBB) showthread.php comma Parameter SQL Injection; 1.1.2; OSVDB ID: 26216 MyBulletinBoard (MyBB) Registration username Field domecode() Function PHP Code Execution; 1.0; 1.02; OSVDB ID: 22737 MyBulletinBoard (MyBB) usercp.php Multiple Variable POST Method XSS; Unknown or Unspecified; OSVDB ID: 12822 MyBulletinBoard (MyBB) calendar.php Add Event Function XSS; Unknown or Unspecified; OSVDB ID: 69926 MyBulletinBoard (MyBB) calendar.php Subject Field Arbitrary Java Code DoS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.