2180 matches found
CVE-2004-0339
CVE-2004-0339 : A cross-site scripting (XSS) flaw exists in phpBB’s ViewTopic.php, affecting possibly 2.0.6c and earlier. The vulnerability allows an attacker to execute arbitrary script or HTML as other users via the postorder parameter. Other connected records corroborate the same description (...
phpBB 2.0.6d && Earlier Security Issues
Vendor : phpBB Group URL : http://www.phpbb.com Version : phpBB 2.0.6d && Earlier Risk : Cross Site Scripting Description: phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a user-friendly interface, simple and straight forward...
[SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection
Products: phpBB 2.0.6 and below http://www.phpbb.com Found date: 4 January 2004 Publish date: 15 March 2004 Author: pokleyzz pokleyzzatscan-associates.net Contributors: skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary:...
phpBBXSS206d.txt
Vendor : phpBB Group URL : http://www.phpbb.com Version : phpBB 2.0.6d && Earlier Risk : Cross Site Scripting Description: phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a user-friendly interface, simple and straight forward...
phpBB < 2.0.7 Multiple XSS
There are cross-site scripting vulnerabilities in the files 'ViewTopic.php' and 'ViewForum.php' in the remote installation of phpBB. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid12093; scriptversion"1.27";...
phpBB 2.0.6d - Cross Site Scripting
phpBB 2.0.6d - Cross Site Scripting phpBB Cross Site Scripting Vendor: phpBB Group Product: phpBB Version: = 2.0.6d Website: http://www.phpbb.com/ BID: 9865 9866 Description: phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a...
phpBB < 2.0.6d - Cross Site Scripting
phpBB Cross Site Scripting Vendor: phpBB Group Product: phpBB Version: = 2.0.6d Website: http://www.phpbb.com/ BID: 9865 9866 Description: phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a user-friendly interface, simple and...
phpBB session table exhaustion
The includes/sessions.php unnecessarily adds session item into session table and therefore vulnerable to a denial-of-service attack...
New phpBB ViewTopic.php Cross Site Scripting Vulnerability
Advisory Name:New phpBB ViewTopic.php Cross Site Scripting Vulnerability Release Date: Feb 29,2004 Application: phpBB Platform: PHP Version Affected: the lastest version Vendor URL: http://www.phpbb.com/ Discover: Cheng Peng Suapplesoupatmsn.com Details: This vuln is similar to Arab VieruZ's...
phpBB 1.x2.0.x - search.php?search_results SQL Injection
phpBB 1.x2.0.x - search.php?searchresults SQL Injection source: https://www.securityfocus.com/bid/9883/info A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the...
phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection
source: https://www.securityfocus.com/bid/9883/info A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the parameters of the search.php script. This issue is caused b...
CVE-2003-1530
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark parameter...
CVE-2003-1373
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. dot dot sequences followed by NULL %00 characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...
CVE-2003-1244
SQL injection vulnerability in pageheader.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forumid parameter to index.php...
SQL Injection in phpBB's groupcp.php
BugTraq, I have found an SQL injection vulnerability in phpBB. Hoever, I don't think this is going to be be a wide spread problem as it will only work if you are the moderator of a group. How the SQL injection works: In groupscp, it uses an array set to delete members from certain groups. This...
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sqlin parameter...
phpBB 2.0.6 - 'privmsg.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in...
phpBB 2.0.6 - privmsg.php Cross-Site Scripting
phpBB 2.0.6 - privmsg.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI...
phpBB 2.0.6 - search_id SQL Injection MD5 Hash
phpBB 2.0.6 - searchid SQL Injection MD5 Hash !/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for...
phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for user with id...