
2180 matches found

exploitpack
added 2005/04/28 12:0 a.m., 10 views

phpBB Notes Module - SQL Injection

phpBB Notes Module - SQL Injection source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

Exploits: 0

Exploit DB
added 2005/04/28 12:0 a.m., 35 views

phpBB Notes Module - SQL Injection

source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...

7.4 AI score
Exploits: 0

Cvelist
added 2005/04/26 4:0 a.m., 24 views

CVE-2005-1290

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php...

5.8 AI score, 0.01039 EPSS
Exploits: 1, References: 2

CVE
added 2005/04/26 4:0 a.m., 50 views

CVE-2005-1290

CVE-2005-1290 affects phpBB 2.0.14 and earlier. It has multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML via: (1) the u parameter in profile.php, (2) the highlight parameter in viewtopic.php, and (3) the forumname or forumdesc parameters in admin_forums.php. T...

4.3 CVSS, 5.8 AI score, 0.01039 EPSS
Exploits: 1, References: 2, Affected Software: 1

securityvulns
added 2005/04/25 12:0 a.m., 40 views

-==phpBB 2.0.14 Multiple Vulnerabilities==-

Neo Security Team NST® - Advisory 14 - 17/04/05. Program: phpBB 2.0.14. Homepage: http://www.phpbb.com. Vulnerable Versions: phpBB 2.0.14 & Lower versions. Risk: Low Risk!! Impact:...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2005/04/25 12:0 a.m., 31 views

phpBB <= 2.0.14 Multiple Vulnerabilities

According to its banner, the remote host is running a version of phpBB that suffers from multiple flaws: - A BBCode Input Validation Vulnerability The application fails to properly filter for the BBCode URL in the 'includes/bbcode.php' script. With a specially crafted URL, an attacker could cause...

7.5 CVSS, 5.9 AI score, 0.1636 EPSS
Exploits: 1, References: 4

Cvelist
added 2005/04/24 4:0 a.m., 18 views

CVE-2005-1235

auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

6.3 AI score, 0.01558 EPSS
Exploits: 1, References: 5

CVE
added 2005/04/24 4:0 a.m., 50 views

CVE-2005-1234

CVE-2005-1234: Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the u parameter to auction_rating.php or (2) the ar parameter to action_offer.php. These entries describe the affected product as phpbb-Auction and identify the...

5 CVSS, 8.9 AI score, 0.01876 EPSS
Exploits: 1, References: 11, Affected Software: 1

CVE
added 2005/04/24 4:0 a.m., 40 views

CVE-2005-1235

The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...

5 CVSS, 6.7 AI score, 0.01558 EPSS
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2005/04/24 4:0 a.m., 26 views

CVE-2005-1234

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php...

8.4 AI score, 0.01876 EPSS
Exploits: 1, References: 11

Tenable Nessus
added 2005/04/24 12:0 a.m., 22 views

phpBB < 2.0.15 admin_forums.php XSS

Binary data 2849.prm...

7.5 CVSS, 7.3 AI score, 0.1636 EPSS
Exploits: 1, References: 5

exploitpack
added 2005/04/23 12:0 a.m., 10 views

phpBB 2.0.x - viewtopic.php Cross-Site Scripting

phpBB 2.0.x - viewtopic.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8 AI score
Exploits: 0

exploitpack
added 2005/04/23 12:0 a.m., 15 views

phpBB 2.0.x - profile.php Cross-Site Scripting

phpBB 2.0.x - profile.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8 AI score
Exploits: 0

Exploit DB
added 2005/04/23 12:0 a.m., 31 views

phpBB 2.0.x - 'profile.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

7.4 AI score
Exploits: 0

Exploit DB
added 2005/04/23 12:0 a.m., 41 views

phpBB 2.0.x - 'viewtopic.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

7 AI score
Exploits: 0

Cvelist
added 2005/04/21 4:0 a.m., 20 views

CVE-2005-1196

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...

7.5 AI score, 0.0198 EPSS
Exploits: 0, References: 1

Cvelist
added 2005/04/21 4:0 a.m., 27 views

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later...

8.8 AI score, 0.07702 EPSS
Exploits: 1, References: 5

CVE
added 2005/04/21 4:0 a.m., 54 views

CVE-2001-1471

CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...

8.8 CVSS, 7.6 AI score, 0.07702 EPSS
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2005/04/21 4:0 a.m., 57 views

CVE-2005-1196

CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...

7.5 CVSS, 7.5 AI score, 0.0198 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2005/04/21 4:0 a.m., 57 views

CVE-2001-1472

The CVE-2001-1472 entry describes a SQL injection in phpBB 1.4.0/1.4.1 through prefs.php via the viewemail parameter. This allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. Affected: phpBB 1.4.0 and 1.4.1; vulnerability originates from the handlin...

4.6 CVSS, 8.5 AI score, 0.02578 EPSS
Exploits: 1, References: 4, Affected Software: 1