EUVD-2006-6491

Malware in sbrugna...

phpBB 2.0.21 Privmsg.PHP HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...

CVE-2006-6508

CVE-2006-6508 is a Cross-site request forgery (CSRF) affecting phpBB 2.0.21. The issue allows a remote authenticated user to perform actions (send unauthorized messages as another user) via unspecified vectors. Root cause details are not fully disclosed in the provided documents, but Debian/DSA-1...

phpNULL.txt

Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was described in 1...

CVE-2006-4367

The CVE-2006-4367 issue affects phpBB 2.0.21 with the All Topics Hack 1.5.0 and earlier, where alltopics.php is vulnerable to SQL injection via the start parameter. The underlying cause is an insecure handling of the start input, enabling an attacker to manipulate SQL execution remotely. Public r...

XSS phpBB 2.0.21 in administration

phpBB 2.0.21 XSS in administration //-- By Blwood [email protected] //-- http://www.blwood.net //-- Style Admin ----------- Management & Create a theme Lots of input are not properly "filtrate" like stylename, headstylesheet, bodybackground, trcolor1name all the input in simple name... We cand...