iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability

phpBB Group phpBB Arbitrary File Disclosure Vulnerability iDEFENSE Security Advisory 02.22.05 www.idefense.com/application/poi/display?id=204&type=vulnerabilities February 22, 2005 I. BACKGROUND phpBB is an open source bulletin board package written in the PHP web scripting language. More...

CVE-2005-0259

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file...

List of all admin accounts in phpBB

After discovering 'highlight' vulnerability in phpBB, many forums were patched, but... it is possible that attackers created a secret admin accounts... It is very hard to find secret admin accounts if the forum has too many users... you must check every account... So, here is a simple PHP script,...

CVE-2004-2358

Cross-site scripting XSS vulnerability in adminwords.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2004-1399

Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. dot dot in the filename...

phpBB Code EXEC (v2.0.10)

| | | | | | | | || | | | | | | | | |/ / / / | | | / | '| |/ / | | | | V V / | |/ / | | | | | |// // |/ ,|| || http://www.howdark.com ---------------------------------------------------------------------------------------------------------------------------------- // Information...

CVE-2004-0729

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid 1 categoryrows parameter to index.php, 2 faq parameter to faq.php, or 3 ranksrow parameter to profile.php, which reveal the full path in an error message...

phpBB 2.0.4 - PHP Remote File Inclusion

phpBB 2.0.4 - PHP Remote File Inclusion // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by Spoofed Existence / / / / Patch : http://www.phpbb.com/phpBB/viewtopic.php?t=113826 / // include include include include include int main //The socket...

phpBB Security Bugs

phpBB Security Bugs 2-18-2003 http://CGIshield.com Security Issue in phpBB 2.0,2.01, 2.02 Fixed in 2.03 phpBB, the most popular open source bulletin board software on the net, is vulnerable to a remotely exploitable SQL injection bug which allows stealing an administrator's password hash. With th...

phpBB 1.4 - SQL Query Manipulation

source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper...