Filtered by vendor Punbb
Subscribe
Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2724 | 1 Punbb | 1 Punbb | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. | |||||
CVE-2005-1072 | 1 Punbb | 1 Punbb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2005-3328 | 1 Punbb | 1 Punbb | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | |||||
CVE-2006-0866 | 1 Punbb | 1 Punbb | 2023-12-10 | 5.0 MEDIUM | N/A |
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | |||||
CVE-2006-1089 | 1 Punbb | 1 Punbb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | |||||
CVE-2006-4759 | 1 Punbb | 1 Punbb | 2023-12-10 | 3.6 LOW | N/A |
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | |||||
CVE-2006-2227 | 1 Punbb | 1 Punbb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized. |