EUVD-2006-0071

Malware in sbrugna...

CVE-2007-1695

PHP remote file inclusion vulnerability in includes/usercpregister.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant...

CVE-2007-1695

PHP remote file inclusion vulnerability in includes/usercpregister.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/usercpregister.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant...

CVE-2007-1695

CVE-2007-1695 affects phpBB 2.0.19. The vulnerability is a PHP remote file inclusion in includes/usercp_register.php , enabling remote attackers to execute arbitrary PHP code via a URL provided to the phpbb_root_path parameter. The root cause, per provided descriptions, is insufficient validation...

CVE-2007-1695

PHP remote file inclusion vulnerability in includes/usercpregister.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant...

Remote File Include In phpBB-2.0.19

By Hasadya Raed Contact : [email protected] | Israel -------------------------------------------------- Script : phpBB-2.0.19 Dork : phpBB-2.0.19 -------------------------------------------------- B.File : usercpregister.php -------------------------------------------------- V.Code :...

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

Cross site scripting

Cross-site scripting XSS vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the curpassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-1603

The CVE-2006-1603 entry concerns a Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, exploitable through the cur_password parameter in profile.php. The affected software is phpBB 2.0.19, and the vulnerability is triggered via user-supplied input that can inject arbitrary script/HTML into ...

CVE-2006-0632

The genrandstring function in phpBB 2.0.19 uses insufficiently random data small value space to create the activation key "validation ID" that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or...

Design/Logic Flaw

The genrandstring function in phpBB 2.0.19 uses insufficiently random data small value space to create the activation key "validation ID" that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to 1 admin/adminusers.php and 2...

Cross site scripting

Cross-site scripting XSS vulnerability in adminsmilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the 1 smileurl or 2 smileemotion parameters, which bypasses a check for "" characters...

CVE-2006-0438

Cross-site request forgery CSRF vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to 1 admin/adminusers.php and 2...

CVE-2006-0437

Cross-site scripting XSS vulnerability in adminsmilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the 1 smileurl or 2 smileemotion parameters, which bypasses a check for "" characters...

CVE-2006-0438

Cross-site request forgery CSRF vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to 1 admin/adminusers.php and 2...

CVE-2006-0437

CVE-2006-0437 describes a cross‑site scripting (XSS) vulnerability in phpBB 2.0.19, specifically in admin_smilies.php. The issue allows remote attackers to inject arbitrary web script or HTML by supplying crafted values in the smile_url or smile_emotion parameters (via Javascript events like onmo...

CVE-2006-0438

CVE-2006-0438 is a CSRF vulnerability in phpBB 2.0.19 where enabling Link to off-site Avatar or bbcode (IMG) allows an attacker to perform actions as a logged-in user via a link or image in a profile (e.g., admin/admin_users.php, modcp.php). The NVD entry lists a CVSSv2 base score of 5.0 (Medium)...

phpBB 2.0.19 (Style Changer/Demo Mod) SQL Injection Exploit

No description provided by source. !/usr/bin/perl | | | \ | | |/ phpBB Style Changer/Demo Mod--GET HASH EXPLOIT Created By SkOd SED security Team http://www.sed-team.be [email protected] ISRAEL google: "Powered by phpBB" inurl:"index.php?s" OR inurl:"index.php?style" use IO::Socket; if @ARGV 3...