CVE-2002-2346

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses...

CVE-2002-1707

install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...

Cross-site Scripting Vulnerability in phpBB 2.0.3

Hello : here is the code ---------------- html body form method="post" name="search" action="http://target/search.php?mode=searchuser" input type="hidden" name="searchusername" value=""/ /form SCRIPT...

phpBB 2.0.3 - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to steal a legitimate users...

phpBB 2.0.3 - search.php Cross-Site Scripting

phpBB 2.0.3 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an...

[Sec-Tec Advisory] Local scripting vulnerability in phpBB

Application: phpBB2 Vendor : http://www.phpbb.com Problem : Insufficient filtering of user input Usability : Easy Severity : Medium Report by : Pete Foster, Sec-Tec Ltd http://www.sec-tec.com The Product From vendors site: phpBB is a high powered, fully scalable, and highly customisable open-sour...

phpBB 2.0.3 - Script Injection

source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Script code would be executed in the...

phpBB 2.0.3 - Script Injection

phpBB 2.0.3 - Script Injection source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Scrip...

phpBB Advanced Quick Reply Hack 1.01.1 - Remote File Inclusion

phpBB Advanced Quick Reply Hack 1.01.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence t...

Code Injection in phpBB Advanced Quick Reply Mod

Software: phpBB Advanced Quick Reply Mod I've found a security hole in this sofware Code Injection. You can download this software at http://phpbbhacks.com/viewhack.php?id=586 Hackers can exploit this Mod to inject some shell code to hack your forum, your website or your server local exploit...

phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for 'extension.inc' in the 'quickreply.php'...

Privilege Escalation Vulnerability In phpBB 2.0.0

Privilege Escalation Vulnerability In phpBB 2.0.0 ------------------------------------------------- Rootsecure.net recently found a privilege escalation vulnerability in "phpBB 2.0.0" which allows any person with a "user" level account to escalate their privileges to that of "administrator" level...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

CVE-2002-0902

CVE-2002-0902 describes a cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2). An attacker can cause script execution in other phpBB users’ browsers by inserting a http:// and a double-quote (") into an IMG tag, bypassing phpBB’s security check, which terminates the src parameter of the IM...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

CVE-2002-0475

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message...

CVE-2002-0473

db.php in phpBB 2.0 aka phpBB2 RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbbrootpath parameter...

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

phpBB/gender mod allows get admin privilege, exploit/patch

Annoucement: Sua loi thay doi quyen user trong phpbb2.x In phpBB with the official Gender Mod, this vuln allows a normal user set her/himself to become a forum administrator. Nguoi viet/Author: PTTrung http://hackervn.net caothuvolam http://viethacker.net langtuhaohoa [email protected]...

malicious PHP source injection in phpBB

JCC Security Advisory June 16, 2002 malicious PHP source injection in phpBB Description phpBB is one of popular PHP bulletin board systems. When allowurlfopen = On and registerglobals = On in php.ini, phpBB has vulnerability because install.php contains dangerous codes. So an attacker can include...