2180 matches found
CVE-2003-0484
CVE-2003-0484 is an XSS vulnerability in phpBB's viewtopic.php where an attacker can inject arbitrary script via the topic_id parameter. Affected: phpBB (viewtopic.php); Impact: partial confidentiality, integrity, and availability concerns at the browser level due to script execution. CVSS2 base ...
CVE-2003-0486
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topicid parameter...
CVE-2003-0486
The CVE covers a SQL injection in phpBB's viewtopic.php (topic_id parameter) affecting phpBB 2.0.5 and earlier. The root cause is improper handling of user-supplied topic_id, enabling an attacker to exfiltrate password hashes. Connectivity details in the provided documents indicate risk of remote...
CVE-2003-0484
Cross-site scripting XSS vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topicid parameter...
XSS Exploit In phpBB viewtopic.php
XSS Exploit In phpBB viewtopic.php A: BACKGROUND from phpbb.com phpBB is a high powered, fully scalable, and highly customisable open- source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP...
phpBB password disclosure by sql injection
Hi There is sql injection vuln in phpBB. The variable "topicid" is passed directly from GET to sql query in /viewtopic.php. It can be used to get md5 passwords for users. I am attaching details and proof of concept code. I've only tested this on mysql 4 and pgsql at my home machines so I might ha...
phpBB 2.0.5 SQL Injection password disclosure Exploit
Exploit for unknown platform in category web applications ===================================================== phpBB 2.0.5 SQL Injection password disclosure Exploit ===================================================== !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql...
phpBB 2.0.5 SQL Injection password disclosure Exploit
No description provided by source. !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string which can used ...
phpBB 2.0.5 - SQL Injection Password Disclosure
phpBB 2.0.5 - SQL Injection Password Disclosure !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string...
phpBB 2.0.5 - SQL Injection Password Disclosure
!/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string which can used to see md5 password hash for any us...
phpBB viewtopic.php topic_id Parameter SQL Injection
There is a flaw in the version of phpBB hosted on the remote web server that may allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user. %NASLMINLEVEL 70300 C Tenable Network...
CVE-2002-0473
db.php in phpBB 2.0 aka phpBB2 RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbbrootpath parameter...
CVE-2002-0473
CVE-2002-0473 : The vulnerability affects db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier. The phpbb_root_path parameter enables remote attackers to execute arbitrary code from remote servers. This is a remote code execution issue in phpBB2 prior to the fixed version; no exploit details are pro...
CVE-2002-1537
adminugauth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling adminugauth.php with modifed form fields such as "u"...
phpBB Security Bugs
phpBB Security Bugs 2-18-2003 http://CGIshield.com Security Issue in phpBB 2.0,2.01, 2.02 Fixed in 2.03 phpBB, the most popular open source bulletin board software on the net, is vulnerable to a remotely exploitable SQL injection bug which allows stealing an administrator's password hash. With th...
phpBB SQL Injection vulnerability
phpBB SQL Injection vulnerability PROGRAM: phpBB VENDOR: phpBB Group HOMEPAGE: http://www.phpbb.com/ VULNERABLE VERSIONS: 2.0.3, possibly others IMMUNE VERSIONS: 2.0.4 LOGIN REQUIRED: yes DESCRIPTION: "phpBB is a UBB-style dissussion board written in PHP backended by a MySQL database. It includes...
phpBB 2.0.3 - 'privmsg.php' SQL Injection
source: https://www.securityfocus.com/bid/6634/info A SQL injection vulnerability has been reported for phpBB2 systems that may result in the deletion of all private messages. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries to...
CVE-2002-2255
Cross-site scripting XSS vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the searchusername parameter in searchuser mode...
CVE-2002-1894
Cross-site scripting XSS vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
CVE-2002-2287
PHP remote file inclusion vulnerability in quickreply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter...