4 matches found
CVE-2012-5005
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action...
CVE-2012-5005
The CVE-2012-5005 entry concerns a Cross-site Request Forgery in VR GPub 4.0, specifically in admin/admin_options.php. The vulnerability allows an attacker to hijack admin authentication by issuing requests that add new admin accounts, effectively enabling account creation and potential admin tak...
CVE-2007-2236
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the puninclude tag, as demonstrated by use of adminoptions.php to execute PHP code from an uploaded avatar file...
punbb -- NULL byte injection vulnerability
CVE Mitre reports: PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to adminoptions.php with an avatarsdir parameter ending in %00. NOTE:...