2180 matches found

CERT
added 2005/02/25 12:0 a.m., 33 views

phpBB vulnerable to file disclosure

Overview The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data. Description phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These...

6.4 CVSS | 5.8 AI score | 0.00539 EPSS
Exploits 0 | References 3

securityvulns
added 2005/02/24 12:0 a.m., 38 views

iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability

phpBB Group phpBB2 Arbitrary File Unlink Vulnerability iDEFENSE Security Advisory 02.22.05 www.idefense.com/application/poi/display?id=205&type=vulnerabilities February 22, 2005 I. BACKGROUND phpBB is an open source bulletin board package written in the PHP web scripting language. More informatio...

5 CVSS | 0.2 AI score | 0.00473 EPSS
Exploits 0

securityvulns
added 2005/02/24 12:0 a.m., 38 views

PHPBB 2.0.12 bug

PHPBB 2.0.12 is vulnerable again to a path disclosure bug. And again the bug is in viewtopic.php. I won't repeat my first submission so here is the bug: http://localhost/forum/viewtopic.php?t=4&highlight= As you can see you just need a valid topic. Here is another example:...

6.9 AI score
Exploits 0

securityvulns
added 2005/02/24 12:0 a.m., 70 views

iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability

phpBB Group phpBB Arbitrary File Disclosure Vulnerability iDEFENSE Security Advisory 02.22.05 www.idefense.com/application/poi/display?id=204&type=vulnerabilities February 22, 2005 I. BACKGROUND phpBB is an open source bulletin board package written in the PHP web scripting language. More...

6.4 CVSS | 0.4 AI score | 0.00539 EPSS
Exploits 0

Tenable Nessus
added 2005/02/23 12:0 a.m., 25 views

phpBB <= 2.0.11 Multiple Vulnerabilities

The remote host is running phpBB version 2.0.11 or older. Such versions suffer from multiple vulnerabilities: - full path display on critical messages. - full path disclosure in username handling caused by a PHP 4.3.10 bug. - arbitrary file disclosure vulnerability in avatar handling functions. -...

6.4 CVSS | 6 AI score | 0.00539 EPSS
Exploits 0 | References 2

CVE
added 2005/02/22 5:0 a.m., 51 views

CVE-2005-0259

CVE-2005-0259 affects phpBB 2.0.11 (and possibly other versions) where enabling remote avatars and avatar uploading allows local users to read arbitrary files by providing both a local and remote avatar location and setting the “Upload Avatar from a URL:” field to reference the target file. Root ...

6.4 CVSS | 6.2 AI score | 0.00539 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2005/02/22 5:0 a.m., 49 views

CVE-2005-0258

CVE-2005-0258 is a directory traversal vulnerability in phpBB 2.0.11 (and possibly later versions) affecting the avatar handling paths when Gallery avatars are enabled. The issue resides in the code paths for usercp_avatar.php and usercp_register.php, where remote input can be manipulated with “...

5 CVSS | 6.6 AI score | 0.00473 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2005/02/22 5:0 a.m., 31 views

CVE-2005-0259

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file...

6.2 AI score | 0.00539 EPSS
Exploits 0 | References 5

Cvelist
added 2005/02/22 5:0 a.m., 16 views

CVE-2005-0258

Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter...

6.7 AI score | 0.00473 EPSS
Exploits 0 | References 3

FreeBSD
added 2005/02/22 12:0 a.m., 29 views

phpbb -- multiple vulnerabilities

phpBB is vulnerable to remote exploitation of an input validation vulnerability that allows attackers to read the contents of arbitrary system files under the privileges of the webserver. This also allows remote attackers to unlink arbitrary system files under the privileges of the webserver...

6.4 CVSS | 6.5 AI score | 0.00539 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2005/02/22 12:0 a.m., 21 views

phpBB < 2.0.12 Path Disclosure / Unauthorized unlink() Function Access

Binary data 2641.prm...

6.4 CVSS | 7.3 AI score | 0.00539 EPSS
Exploits 0 | References 1

FreeBSD
added 2005/02/22 12:0 a.m., 15 views

phpbb -- multiple information disclosure vulnerabilities

psoTFX reports: phpBB Group are pleased to announce the release of phpBB 2.0.12 the "Horray for Furrywood" release. This release addresses a number of bugs and a couple of potential exploits. ... one of the potential exploits addressed in this release could be serious in certain situations and th...

0.7 AI score
Exploits 0 | References 2

securityvulns
added 2005/02/22 12:0 a.m., 24 views

[SA14362] phpBB Avatar Functions Information Disclosure and Deletion

TITLE: phpBB Avatar Functions Information Disclosure and Deletion SECUNIA ADVISORY ID: SA14362 VERIFY ADVISORY: http://secunia.com/advisories/14362/ CRITICAL: Moderately critical IMPACT: Manipulation of data, Exposure of sensitive information WHERE: From remote SOFTWARE: phpBB 2.x...

0.4 AI score
Exploits 0

Cvelist
added 2005/02/19 5:0 a.m., 18 views

CVE-2004-1535

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code...

7.6 AI score | 0.02238 EPSS
Exploits 0 | References 3

CVE
added 2005/02/19 5:0 a.m., 54 views

CVE-2004-1535

The CVE-2004-1535 issue affects the Cash Mod for phpBB, where admin_cash.php is vulnerable to remote file inclusion via the phpbb_root_path parameter, allowing an attacker to instruct the server to include PHP code from a remote URL and execute arbitrary code. This results in remote code executio...

7.5 CVSS | 7.6 AI score | 0.02238 EPSS
Exploits 0 | References 3 | Affected Software 1

securityvulns
added 2005/02/18 12:0 a.m., 18 views

phpbb 2.0.11 bug

PHPBB 2.0.11 is vulnerable to a path disclosure. All you need is a valid topic and for highlight put . Here is a sample: http://www.site.com/forum/viewtopic.php?t=2&highlight= Here is the message you will get: Warning: Compilation failed: missing at offset 7 in c:appservwwwforumviewtopic.php1109 :...

Exploits 0

securityvulns
added 2005/02/18 12:0 a.m., 55 views

Possible phpBB <=2.0.11 bug or sql injection?

Since phpbb's website says not to post it on their forum, I guess I'll post my findings here. http://www.phpbb.com/phpBB/search.php?searchauthor='fnfnfffffa,'cdf or http://www.phpbb.com/phpBB/search.php?searchauthor= It seems it has something to do with the 's 's and length. I am not sure if...

7 AI score
Exploits 0

CVE
added 2005/02/12 5:0 a.m., 51 views

CVE-2004-1399

The CVE-2004-1399 entry concerns the phpBB Attachment module (version 2.3.10 and earlier). The underlying issue is a directory traversal vulnerability where an attacker can cause a filename to include .. to read arbitrary files. Impact is described as partial confidentiality (read access) with no...

5 CVSS | 7.1 AI score | 0.00457 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2005/02/12 5:0 a.m., 51 views

CVE-2004-1404

The CVE-2004-1404 entry concerns the Attachment Mod 2.3.10 module for phpBB when used with Apache mod_mime. The vulnerability arises from improper handling of files with double extensions (e.g., .php.rar), which can enable remote attackers to upload and execute arbitrary code on the server. The p...

7.5 CVSS | 7.9 AI score | 0.02468 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2005/02/12 5:0 a.m., 16 views

CVE-2004-1404

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...

7.5 AI score | 0.02468 EPSS
Exploits 0 | References 5