CVE-2017-1000419

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application...

Server side request forgery (ssrf)

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application...

CVE-2017-1000419

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application...

CVE-2017-1000419

CVE-2017-1000419 affects phpBB 3.2.0. The vulnerability is a Server-Side Request Forgery (SSRF) in the Remote Avatar function that allows an attacker to perform port scanning and request internal content through the web application, potentially enabling access to internal services. The connected ...

CVE-2017-1000419

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application...

phpBB < 3.0.14, 3.1.x < 3.1.4 Open Redirect Vulnerability

phpBB is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; ifdescription...

Open Redirect

phpBB is vulnerable to open redirects. The library does not properly check user input URLs, allowing a malicious user to redirect users using the Google Chrome Browser to a malicious website...

CVE-2015-3880

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...

CVE-2015-3880

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...

UBUNTU-CVE-2015-3880

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...

Open redirect

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...

CVE-2015-3880

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors...

CVE-2015-3880

CVE-2015-3880 refers to an Open Redirect vulnerability in phpBB prior to 3.0.14 and in 3.1.x prior to 3.1.4. Root cause is improper validation of user-supplied URLs, enabling an attacker to redirect victims (e.g., Chrome users) to arbitrary sites and facilitate phishing. Patches are available: ph...

phpBB < 3.1.11, 3.2.x < 3.2.1 Multiple Vulnerabilities

phpBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpbb:phpbb"; if description...

phpBB 3.2.0 Server Side Request Forgery

phpBB version 3.2.0 suffers from a server-side request forgery vulnerability. ======================================================================= title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage:...

phpBB 3.2.0 Server Side Request Forgery

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage: https://www.phpbb.com/ found:...

Cross-site Request Forgery (CSRF)

phpbb/phpbb is vulnerable to cross-site request forgery CSRF attacks. These attacks are possible because the library does not correctly validate the form key in the messageoptions function in includes/ucp/ucppmoptions.php...

Cross-Site Scripting (XSS)

Phpbb is vulnerable to cross-site scripting XSS attacks. The attacks are possible because includes/startup.php does not sanitize the user-supplied input which allows trailing paths to be injected through "Relative Path Overwrite."...

phpbb.com XSS vulnerability

Vulnerable URL: https://www.phpbb.com/community/ucp.php?i=ucpprofile=profileinfo Details: Description| Value ---|--- Patched:| Yes, at 16.10.2017 Latest check for patch:| 16.10.2017 05:34 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 46000 VIP website status:|...

phpbb server-side request forgery vulnerability

phpBB is phpBB group developed a set of open-source use of PHP language development of Web forum software . The software has support for multiple languages , support for multiple databases and customized layout and so on. phpBB server-side request forgery vulnerability exists. Attackers can use...