2180 matches found
phpBB Notes Module - SQL Injection
phpBB Notes Module - SQL Injection source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
phpBB Notes Module - SQL Injection
source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...
CVE-2005-1290
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php...
CVE-2005-1290
CVE-2005-1290 affects phpBB 2.0.14 and earlier. It has multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML via: (1) the u parameter in profile.php, (2) the highlight parameter in viewtopic.php, and (3) the forumname or forumdesc parameters in admin_forums.php. T...
-==phpBB 2.0.14 Multiple Vulnerabilities==-
Neo Security Team NST® - Advisory 14 - 17/04/05 Program: phpBB 2.0.14 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.14 & Lower versions Risk: Low Risk!! Impact:...
phpBB <= 2.0.14 Multiple Vulnerabilities
According to its banner, the remote host is running a version of phpBB that suffers from multiple flaws: - A BBCode Input Validation Vulnerability The application fails to properly filter for the BBCode URL in the 'includes/bbcode.php' script. With a specially crafted URL, an attacker could cause...
CVE-2005-1235
auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...
CVE-2005-1234
CVE-2005-1234: Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the u parameter to auction_rating.php or (2) the ar parameter to action_offer.php. These entries describe the affected product as phpbb-Auction and identify the...
CVE-2005-1235
The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...
CVE-2005-1234
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php...
phpBB < 2.0.15 admin_forums.php XSS
Binary data 2849.prm...
phpBB 2.0.x - viewtopic.php Cross-Site Scripting
phpBB 2.0.x - viewtopic.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
phpBB 2.0.x - profile.php Cross-Site Scripting
phpBB 2.0.x - profile.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
phpBB 2.0.x - 'profile.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
phpBB 2.0.x - 'viewtopic.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
CVE-2005-1196
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...
CVE-2001-1471
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later...
CVE-2001-1471
CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...
CVE-2005-1196
CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...
CVE-2001-1472
The CVE-2001-1472 entry describes a SQL injection in phpBB 1.4.0/1.4.1 through prefs.php via the viewemail parameter. This allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. Affected: phpBB 1.4.0 and 1.4.1; vulnerability originates from the handlin...