Lucene search
K

5 matches found

OSV
OSV
added 2026/05/04 5:42 a.m.2 views

CVE-2026-29199

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...

8.1CVSS5.9AI score0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2003-1363

Malware in sbrugna...

6.8CVSS6.4AI score0.01268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2006/10/20 12:0 a.m.6 views

PT-2006-6154 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.10 and earlier Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code. This is achieved by providing a URL in the phpbb root path parameter. Recommendations: For versions 2.0.10 and earlie...

7.5CVSS8.1AI score0.01216EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/03/09 12:0 a.m.32 views

phpBB 2.0.13 - user level exploit

This one goes for all phpBB versions up to 2.0.13. While applying and testing the patch for the autologin bug I found that phpBB2 doesn't reset the $userdata'userlevel' variable after a failed autologin. This is the vulvernable code in sessions.php: if $userid != ANONYMOUS $autologinkey =...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2003/08/19 12:0 a.m.26 views

XSS vulnerability in phpBB

Hi, I have found a dangerous vunlerability in phpBB. I've verified that versions 2.0.5 and 2.0.4 AFAIK the two latest versions are affected, but probably more versions are vulnerable. If HTML is enabled for postings, a user can post a link like this: a...

Exploits0
Rows per page
Query Builder