28 matches found
CVE-2025-70811
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...
EUVD-2004-2046
Malware in sbrugna...
EUVD-2022-3403
Malicious code in bioql PyPI...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
phpBB: Server Side Request Forgery in 'Jabber settings' in Admin Control Panel
Overview The 'Jabber settings' panel inside the Administrator Control Panel can be used to access resources that would otherwise only be accessible by the host machine, including resources/services hosted on the localhost interface. This can be performed by setting the 'jabber server' parameter t...
PT-2020-18483 · Phpbb Limited · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB version 3.2.8 Description: The issue allows for a CSRF attack, enabling the approval of pending group memberships without proper authorization. Recommendations: For phpBB version 3.2.8, update to a newer version that contains a fix for...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
UBUNTU-CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application...
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
No description provided by source. /usr/bin/perl use IO::Socket; use LWP::Simple; @vul = ; $a=0; $numero = int rand999; $site = search.aol.com; $procura = viewtopic.php%3Ft%3D$numero; for$n=0;$n90;$n += 10 $sock = IO::Socket::INET-newPeerAddr=$site,PeerPort=80,Proto=tcp or next; print $sock GET...
phpBB 2.0.19 - 'user_sig_bbcode_uid' Remote Code Execution
!/usr/bin/perl r57phpbba2e2.pl - phpBB admin 2 exec exploit version 2 based on usersigbbcodeuid bug tested on 2.0.12 , 2.0.13 , 2.0.19 -------------------------------------------- screen r57phpbba2e2.pl -u http://192.168.0.2/phpBB-2.0.19/ -L admin -P password Command for execute or 'exit' for exi...
phpBB <= 2.0.19 (user_sig_bbcode_uid) Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== phpBB new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; $xpl-proxy'http'='http://'.$proxy if $proxy; $ids = 'IDS:r57 phpBB2 exploit...
phpBB <= 2.0.18 Remote XSS Cookie Disclosure Exploit
No description provided by source. / phpBB = 2.0.18 XSS Cookie Disclosure Proof of Concept -- 'the html is on exploit' original exploit by: cXIb8O3 - 12/16/2005 proof of concept by: jet -- http://jet.carbon-4.net/ develop a pure, lucid mind, not depending upon sound, flavor, touch, odor, or any...
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
----------------------------------- phpBB 2.0.12 Session Handling Administrator Authentication Bypass EXPLOIT -SIMPLIFIED- - By PPC^Rebyte ----------------------------------- 03maa2005 NEDERLANDSE VERSIE ONDERAAN / DUTCH VERSION BELOW ENGLISH VERSION Status phpBB has already been informed about...
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial)
No description provided by source. 1. Register at forum? 2. Log in with account + UNCHECK "Log in automatically" 3. Close browser to be sure a cookie is made. 4. Locate cookie firefox: X:\Documents and Settings\Name\Application Data\Mozilla\Firefox\Profiles\profile.default\cookies.txt -- search t...
phpBB 2.0.x - Authentication Bypass (2)
source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...
CVE-2004-1809
Cross-site scripting XSS vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 postdays parameter to viewtopic.php or 2 topicdays parameter to viewforum.php...
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Information Leak
// Compiled version: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/697.rar phpbbmemorydump.rar // Source serv.cpp is at the bottom of the page - str0ke // Notes from author: // compile with borland c++ freecommandlinetools : // bcc32 -c serv.cpp // bcc32...
phpBB v1.0.0 - 2.0.10 admin_cash.php remote exploit
Exploit for unknown platform in category web applications =================================================== phpBB v1.0.0 - 2.0.10 admincash.php remote exploit =================================================== / exploit for phpBB 1.0.0 - 2.0.10 edit the b4b0.php file with the correct url to yo...
CVE-2004-2055
Cross-site scripting XSS vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the searchauthor parameter...