CVE-2019-13376

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...

phpBB < 3.2.8 Multiple Vulnerabilities

phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...

XKCD Forum Hacked – Over 562,000 Users' Account Details Leaked

XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users. The security breach occurred two months ago, according to security researcher Tr...

phpBB: CSS injection via BB code tag "█████"

The input to the "█████" BBcode tag is not properly filtered. It gets converted into a CSS style attribute for a span HTML element. Quotes " are removed, so there's no way to break out of the CSS style attributed. However it is possible to arbitrarily dress the resulting span element. To illustra...

Server-Side Request Forgery (SSRF)

phpbb/phpbb is vulnerable to server-side request forgery SSRF. A remote attacker is able to send requests on behalf of the server via the remote avatar upload function. This allows for the discovery of and access to services running on the host, resulting in bypass of firewall rules or potentiall...

phpBB < 3.2.6 Multiple Vulnerabilities

phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

UBUNTU-CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

Server side request forgery (ssrf)

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVE-2019-11767

Summary of CVE-2019-11767: A server-side request forgery (SSRF) vulnerability in phpBB prior to 3.2.6. The issue, triggered via the remote avatar upload function, enables an attacker to check for the existence of files and services on the host’s local network. Affected software: phpBB versions be...

CVE-2019-11767

Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

phpBB cross-site request forgery vulnerability (CNVD-2019-13384)

phpBB is a set of open source and PHP-based Web forum software . The software has support for multiple languages , multiple databases and customized layout and so on. A cross-site request forgery vulnerability exists in phpBB versions prior to 3.2.6. The vulnerability stems from a web application...

phpBB 3.2.5 Denial Of Service Vulnerability

Vulnerability information ========================= Title: phpBB Native Fulltext Search denial of service CVE ID: CVE-2019-9826 CVSSv3 score: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Vulnerability description ========================= Improper input validation in the Native Fulltext Search compone...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

Denial of service

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...

CVE-2019-9826

The fulltext search component in phpBB before 3.2.6 allows Denial of Service...