2 matches found
Debian DSA-1488-1 : phpbb2 - several vulnerabilities
Several remote vulnerabilities have been discovered in phpBB, a web-based bulletin board. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0471 Private messaging allowed cross site request forgery, making it possible to delete all private messages of...
CVE-2006-4758
CVE-2006-4758 affects phpBB 2.0.21 where an authenticated forum administrator can upload files by crafting the avatar_path parameter ending with .php%00. The vulnerability arises in the handling of pathnames ending in %00, enabling arbitrary file uploads. Public references in Debian OpenVAS entri...