Filtered by vendor Phpbb Group
Total: 93 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-4358 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | |||||
CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | |||||
CVE-2006-0632 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 6.4 MEDIUM | N/A |
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | |||||
CVE-2005-1234 | 1 Phpbb Group | 1 Phpbb-auction | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. | |||||
CVE-2005-0872 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
CVE-2005-0659 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | |||||
CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | |||||
CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2023-12-10 | 6.4 MEDIUM | N/A |
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | |||||
CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | |||||
CVE-2006-2245 | 1 Phpbb Group | 1 Phpbb-auction | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | |||||
CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 6.4 MEDIUM | N/A |
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-3940 | 1 Phpbb Group | 1 Phpbb-auction | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. | |||||
CVE-2006-4758 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 4.6 MEDIUM | N/A |
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. | |||||
CVE-2005-0673 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. | |||||
CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
CVE-2005-4357 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. | |||||
CVE-2005-0871 | 1 Phpbb Group | 1 Phpbb | 2023-12-10 | 5.0 MEDIUM | N/A |
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. |