CVE-2005-0614

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie...

CVE-2005-0614

Affected software/component: phpBB (versions

GLSA-200503-02 : phpBB: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-02 phpBB: Multiple vulnerabilities It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the...

CVE-2005-0603

The CVE-2005-0603 entry concerns phpBB up to version 2.0.12 where the viewtopic.php endpoint mishandles the highlight parameter containing invalid regular expression syntax. This causes a PHP error message that reveals the installation path, constituting a path disclosure vulnerability. Affected ...

CVE-2005-0603

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message...

phpBB: Multiple vulnerabilities

Background phpBB is an Open Source bulletin board package. Description It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the "Enable remote avatars" and "Enable avata...

CVE-2005-0603

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message...

phpBB 2.0.x - Authentication Bypass (1)

phpBB 2.0.x - Authentication Bypass 1 // source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerabilit...

phpBB <= 2.0.12 Multiple Vulnerabilities

The remote host is running a version of phpBB that suffers from a session handling flaw allowing a remote attacker to gain access to any account, including that of an administrator. Also, there is a path disclosure bug in 'viewtopic.php' that can be exploited by a remote attacker to reveal...

[SA14413] phpBB &quot;autologinid&quot; Security Bypass

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

PT-2005-1651 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.12 and earlier Description: The issue allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax in the "viewtopic.php" API endpoint. This reveals the path...

phpBB 2.0.x - Authentication Bypass (2)

phpBB 2.0.x - Authentication Bypass 2 source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability...

phpBB 2.0.x - Authentication Bypass (1)

// source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to...

phpBB 2.0.x - Authentication Bypass (3)

source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...

phpbb -- Insuffient check against HTML code in usercp_register.php

Neo Security Team reports: If we specify a variable in the html code any type: hidden, text, radio, check, etc with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature. This is a low risk vulnerability that allows users to bypass...

phpBB < 2.0.13 Cookie Authentication Bypass

Binary data 2658.prm...

phpBB 2.0.x - Authentication Bypass (2)

source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...

phpBB 2.0.x - Authentication Bypass (3)

phpBB 2.0.x - Authentication Bypass 3 source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability...

-==phpBB 2.0.12 Full path disclosure==-

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 06 - 25/02/05 -------------------------------------------------------- Program: phpBB 2.0.12 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.12 & Lower versions Risk: Low Risk!! Impact: Full...

phpbb -- privilege elevation and path disclosure

The phpbb developer group reports: phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to...