217 matches found
GLSA-200411-32 : phpBB: Remote command execution
The remote host is affected by the vulnerability described in GLSA-200411-32 phpBB: Remote command execution phpBB contains a vulnerability in the highlighting code and several vulnerabilities in the username handling code. Impact : An attacker can exploit the highlighting vulnerability to access...
CVE-2004-0339
Cross-site scripting XSS vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter...
phpBB <= 2.0.10 Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on...
phpBB 2.0.10 - Remote Command Execution
!/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on http://securityfocus.com/archive/1/380993/2004-11-07/2004-11-13/0...
phpBB viewtopic.php highlight Parameter SQL Injection (ESMARKCONANT)
The remote host is running phpBB. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands in the login form. An attacker could exploit this flaw to bypass the authentication of the remote host or execute arbitrary SQL statements against the remote database...
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion
phpBB 2.0.x - admincash.php PHP Remote File Inclusion source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system...
phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could potentially exploit this issue vi...
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
CVE-2002-1537
adminugauth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling adminugauth.php with modifed form fields such as "u"...
CVE-2004-0729
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid 1 categoryrows parameter to index.php, 2 faq parameter to faq.php, or 3 ranksrow parameter to profile.php, which reveal the full path in an error message...
phpBB < 2.0.10 Multiple XSS
The remote host is running a version of phpBB older than 2.0.10. phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'searchauthor' parameter. This version is also vulnerable to an HTTP...
phpBB < 2.0.9 Multiple Vulnerabilities
The remote host is running a version of phpBB older than 2.0.9. There is a flaw in the remote software that may allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user. One...
phpBB 2.0.x - 'viewtopic.php' PHP Script Injection
source: https://www.securityfocus.com/bid/10701/info The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. Exploiting...
FreeBSD : Critical SQL injection in phpBB (139)
The following package needs to be updated: phpbb %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg70f5b3c680f011d896450020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
FreeBSD : phpBB IP address spoofing (140)
The following package needs to be updated: phpbb %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgcfe17ca668584805ba1da60a61ec9b4d.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
FreeBSD Ports: phpBB < 2.0.8
The remote host has an old version of phpBB installed. phpBB is a PHP-based bulletin board. There is a cross-site scripting issue in the remote version of this software which may allow an attacker to damage the remote phpBB installation %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...
phpBB 2.0.8a and lower - IP spoofing vulnerability
Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Wang / SRR Project Group of Ready Response [email protected] Overview A...
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses...
phpBB 2.0.x - album_portal.php Remote File Inclusion
phpBB 2.0.x - albumportal.php Remote File Inclusion source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...