CVE-2002-0533

CVE-2002-0533 affects phpBB 1.4.4 and earlier. The vulnerability lies in how BBCode handling processes [code] tags, allowing remote attackers to trigger CPU-based DoS and corrupt the database by inserting null ASCII 0 characters. The existing records indicate the issue and affected family, but th...

CVE-2002-0475

The CVE-2002-0475 entry describes a cross-site scripting (XSS) vulnerability in phpBB versions 1.4.4 and earlier. The flaw allows remote attackers to cause arbitrary JavaScript execution on a user’s browser by embedding a script inside an IMG tag while editing a message. Affected software is phpB...

CVE-2002-0475

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message...

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

wbboard 1.1.1 Cross Site Scripting Vulnerability

wbboard 1.1.1 Cross Site Scripting Vulnerability - ------------------------- Affected program : wbboard 1.1.1 is a phpBB-like PHP forum Vendor : http://www.woltlab.de/ Vulnerability-Class : Cross Site Scripting CSS OS specific : No Problem-Type : Joke severity : No risk SUMMARY 1.WBBoard allowed ...

Burning Board 1.1.1 - URL Manipulation

Burning Board 1.1.1 - URL Manipulation source: https://www.securityfocus.com/bid/4512/info Burning Board is web forum software. It is written in PHP, back-ended by MySQL, and will run on most Unix and Linux variants as well as Microsoft Windows. An attacker may allegedly create a malicious link...

(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability

WSS-Advisories-02003 PHPBB BBcode Process Vulnerability Release infomation ------------------ Release Date: 2001-4-4 Author: By Whitecell Security SystemsWSS tombkeeper [email protected] alert7 [email protected] Homepage: http://www.whitecell.org/ Impact: -------- WSS has found a...

[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability

------------------------------------------------------------ itcp advisory 5 [email protected] http://www.it-checkpoint.net/advisory/5.html March 21th, 2002 - ------------------------------------------------------------ phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability...

CVE-2001-1482

SQL injection vulnerability in bbmemberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable...

phpBB 1.4.2, Remote user is able to modify SQL query.

Hi, there is a a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...

phpBB does not adequately validate user input thereby allowing user to gain escalated privileges via manipulated SQL query

Overview phpBB is an open-source bulletin board program. There exists a user input validation problem with regard to the parsing of the URL. An intruder can excute limited SQL queries and gain administrative privileges on the bulletin board. Description phpBB has a user input validation problem...

phpBB does not adequately validate user input for language selection thereby allowing user to execute arbitrary php code

Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can excute arbitrary php code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...

Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below

note to editors: please leave all links intact. Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below found and written by: [email protected] http://www.modernhacker.com phpBB, is an open source bulletin board created by the phpBB group phpbb.com . Versions 1.4.0 and belo...

phpBB 1.4.0 bug leads to easy admin privileges

-New phpBB 1.4.x exploit phpBB, is an open source bulletin board created by the phpBB group. Version 1.4.x of phpBB has a variable input validation problem that can lead to limited arbitrary sql querys including gaining administrative access to the board. The problem lies in the fact that phpBB...

CVE-2001-1472

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter...

phpBB 1.4 - SQL Query Manipulation

phpBB 1.4 - SQL Query Manipulation source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service...

phpBB 1.4 - SQL Query Manipulation

source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper...

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables 1 $lstatsblock in prefs.php or 2 $lprivnotify in auth.php from being properly initialized, which can be modified by the user and later...

phpBB 1.x - Page Header Arbitrary Command Execution

phpBB 1.x - Page Header Arbitrary Command Execution source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with...

phpBB 1.x - Page Header Arbitrary Command Execution

source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with the phpBB system to submit values for certain...