Total
83 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 5.0 MEDIUM | N/A |
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. | |||||
CVE-2005-0659 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 5.0 MEDIUM | N/A |
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | |||||
CVE-2005-0614 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 7.5 HIGH | N/A |
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | |||||
CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. | |||||
CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | |||||
CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 5.0 MEDIUM | N/A |
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||||
CVE-2002-0473 | 1 Phpbb Group | 1 Phpbb | 2016-09-16 | 10.0 HIGH | N/A |
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | |||||
CVE-2006-0063 | 1 Phpbb Group | 1 Phpbb | 2011-03-06 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | |||||
CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 6.4 MEDIUM | N/A |
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | |||||
CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | |||||
CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | |||||
CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | |||||
CVE-2006-1775 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. | |||||
CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | |||||
CVE-2005-3537 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 5.0 MEDIUM | N/A |
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | |||||
CVE-2005-0673 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. | |||||
CVE-2003-1244 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | |||||
CVE-2002-2176 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | |||||
CVE-2002-1894 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. |