[KAPDA::#35] - MyBB1.0.4~member.php~XSS after login

ORIGINAL ADVISORY:
http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html
http://kapda.ir/advisory-296.html

???Summary???
Software: MyBB
Sowtware?s Web Site: http://www.mybboard.com
Versions: 1.0.4
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: high

Relevant Pages

[KAPDA::#34] - MyBB1.0.4~redirectfunction()~HeaderInjection
... ORIGINAL ADVISORY: ... Sowtware?s Web Site: http://www.mybboard.com ... Discovered by: imei addmimistrator ... Risk Level: high ...
(Bugtraq)
[myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts
... ORIGINAL ADVISORY: ... Sowtware?s Web Site: http://www.mybboard.com ... Discovered by: imei addmimistrator ... Risk Level: high ...
(Bugtraq)
[[KAPDA::#35] MyBB 1.0.3~member.php~XSS Attack in contact details
... Sowtware?s Web Site: http://www.mybboard.com ... Discovered by: imei addmimistrator ... Risk Level: medium ...
(Bugtraq)
[KAPDA]MyBB1.1.0~global.php~ParameterExtracting
... ORIGINAL ADVISORY: ... Discovered by: imei addmimistrator ... Risk Level: Very high ... There is a security bug in MyBB 1.1.0 software files global.php that allows attacker performe varable extracting. ...
(Bugtraq)
Olate Download 3.4.2~uploads folder ~ directory traversal
... VISIT ORIGINAL ADVISORY FOR MORE DETAILS ... Software: Olate Download ... Sowtware's Web Site: http://www.olate.co.uk/ ... Discovered by: imei addmimistrator ...
(Bugtraq)