Lucene search
+L

35 matches found

ubuntucve
ubuntucve
added 2007/02/08 5:28 p.m.36 views

CVE-2006-2219

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the 1 mode parameter to memberlist.php and the 2 highlight parameter to viewtopic.php that are used a...

5CVSS5.9AI score0.01464EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2006/08/23 1:4 a.m.16 views

CVE-2006-4299

Cross-site scripting XSS vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

4.3CVSS6.1AI score0.01342EPSS
Exploits0References1
freebsd
freebsd
added 2006/08/21 12:0 a.m.48 views

tikiwiki -- multiple vulnerabilities

Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...

6.4AI score
Exploits0References2
nvd
nvd
added 2006/06/22 10:6 p.m.17 views

CVE-2006-3149

Cross-site scripting XSS vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

4.3CVSS5.7AI score0.01275EPSS
Exploits0References6
cvelist
cvelist
added 2006/06/22 10:0 p.m.20 views

CVE-2006-3149

Cross-site scripting XSS vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

5.7AI score0.01275EPSS
Exploits0References6
saint
saint
added 2005/12/28 12:0 a.m.45 views

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

7.5CVSS6.5AI score0.85366EPSS
Exploits9
saint
saint
added 2005/12/28 12:0 a.m.17 views

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

7.5CVSS6.5AI score0.85366EPSS
Exploits9
saint
saint
added 2005/12/28 12:0 a.m.48 views

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

7.5CVSS6.5AI score0.85366EPSS
Exploits9
saint
saint
added 2005/12/28 12:0 a.m.43 views

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

7.5CVSS6.5AI score0.85366EPSS
Exploits9
cvelist
cvelist
added 2005/06/28 4:0 a.m.29 views

CVE-2002-1894

Cross-site scripting XSS vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

5.7AI score0.0196EPSS
Exploits1References4
freebsd
freebsd
added 2005/06/28 12:0 a.m.35 views

phpbb -- remote PHP code execution vulnerability

FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...

7.5CVSS6.7AI score0.85366EPSS
Exploits9References2
ptsecurity
ptsecurity
added 2005/02/28 12:0 a.m.7 views

PT-2005-1651 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.12 and earlier Description: The issue allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax in the "viewtopic.php" API endpoint. This reveals the path...

5CVSS6.2AI score0.0432EPSS
Exploits0References6
cvelist
cvelist
added 2004/12/31 5:0 a.m.25 views

CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...

7.3AI score0.72096EPSS
Exploits11References11
cve
cve
added 2004/12/31 5:0 a.m.200 views

CVE-2004-1315

Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...

7.5CVSS7.2AI score0.72096EPSS
Exploits11References11Affected Software1
cert
cert
added 2004/12/21 12:0 a.m.21 views

phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter

Overview phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...

7.9AI score
Exploits0References3
Rows per page
Query Builder