CVE-2006-0632

The genrandstring function in phpBB 2.0.19 uses insufficiently random data small value space to create the activation key "validation ID" that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or...

phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution

Binary data 3038.prm...

phpBB up.php Arbitrary File Upload

The installed version of phpBB on the remote host includes a file upload script intended as a way for users to upload files that they can then link to in their posts. The script, however, does not require authentication, makes only a limited check of upload file types, and stores uploads in a kno...

[SA14413] phpBB &quot;autologinid&quot; Security Bypass

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

CVE-2004-2358

Cross-site scripting XSS vulnerability in adminwords.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter...

phpBB Security Bugs

phpBB Security Bugs 2-18-2003 http://CGIshield.com Security Issue in phpBB 2.0,2.01, 2.02 Fixed in 2.03 phpBB, the most popular open source bulletin board software on the net, is vulnerable to a remotely exploitable SQL injection bug which allows stealing an administrator's password hash. With th...

phpBB 1.4 - SQL Query Manipulation

source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper...