FreeBSD : Critical SQL injection in phpBB (70f5b3c6-80f0-11d8-9645-0020ed76ef5a)
Anyone can get the admin's username and the MD5 hash of the password via a single web request. A working example is provided in the advisory. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright...
FreeBSD : phpBB IP address spoofing (cfe17ca6-6858-4805-ba1d-a60a61ec9b4d)
The common.php script always trusts the 'X-Forwarded-For' header in the client's HTTP request. A remote user could forge this header in order to bypass any IP address access control lists (ACLs). #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
phpBB < 3.0.4 Authentication Bypass Vulnerability
phpBB is prone to an authentication bypass vulnerability because it fails to properly enforce privilege requirements on some operations. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
phpBB Account Re-Activation Authentication Bypass Vulnerability
According to its version number, the remote version of phpBB is prone to an authentication-bypass vulnerability because it fails to properly enforce privilege requirements on some operations. Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which m...
CVE-2008-6507
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...
CVE-2008-6506
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors...
Default credentials
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...
CVE-2008-6506
CVE-2008-6506 affects phpBB prior to 3.0.4, enabling an authentication bypass that allows activating deactivated accounts via unknown vectors. The OpenVAS entry confirms an account activation bypass vulnerability in phpBB, with affected versions up to 3.0.3. Practical impact is unauthorized acces...
CVE-2008-6507
The vulnerability CVE-2008-6507 affects phpBB before 3.0.4, per multiple sources (NVD, Red Hat, Ubuntu, GHSA, osv) describing an unspecified information-disclosure issue related to the lack of password prompts for a private message quoting a post in a password-protected forum. Root cause: insuffi...
phpBB 'ucp.php' XSS Vulnerability
According to its version number, the remote version of phpBB is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. UPDATE March 13, 2009: The referenced BID is being retired because the issue cannot be exploited as described...
phpBB Forum Detection (HTTP)
HTTP based detection of phpBB. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.100033");...
PHPBB 2.0.22 XSRF Exploit
Author: Dante90, WaRWolFz Crew Title: Exploit PhpBB = 2.0.22 Add User In A Group SWF Version By Dante90 0-Day Proof Of Concept: PhpBB 2.0.22 = CSRF Add user In Group By Vincy Change: ByPass HTTPREFERER Protection. MSN: [email protected] Web: www.warwolfz.org Exploit PhpBB = 2.0.22 Add User ...
Remote file inclusion
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter...
CVE-2008-6377
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter...
CVE-2008-6377
CVE-2008-6377 is a PHP remote file inclusion vulnerability in Multi SEO phpBB 1.1.0. The flaw exists in include/global.php and allows a remote attacker to execute arbitrary PHP code by supplying a URL in the pfad parameter, leading to potential compromise of the affected system. Affected product/...