phpBB profile.php Cross Site Scripting Vulnerability

Advisory Name : phpBB profile.php Cross Site Scripting Vulnerability Release Date : Mar 21,2004 Application : phpBB Version : phpBB 2.0.6d or others? Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Cheng Peng Suapplesoupatmsn.com Proof of Conecpt: This vuln is in profile.php,when you...

CVE-2004-0339

Cross-site scripting XSS vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter...

New phpBB ViewTopic.php Cross Site Scripting Vulnerability

Advisory Name:New phpBB ViewTopic.php Cross Site Scripting Vulnerability Release Date: Feb 29,2004 Application: phpBB Platform: PHP Version Affected: the lastest version Vendor URL: http://www.phpbb.com/ Discover: Cheng Peng Suapplesoupatmsn.com Details: This vuln is similar to Arab VieruZ's...

CVE-2003-1244

SQL injection vulnerability in pageheader.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forumid parameter to index.php...

CVE-2003-1373

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. dot dot sequences followed by NULL %00 characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...

phpBB 2.0.6 - privmsg.php Cross-Site Scripting

phpBB 2.0.6 - privmsg.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI...

CVE-2003-1216

SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the searchid parameter...

sql injection in phpbb

I found a vulnerability en phpbb 2.0.5 and prior, is probably also affect 2.0.6 this bug don't affect to version 2.0.7 phpbb have a list of registereds users, when you click on a memebr of this list, you are requesting data to the database for example:...

phpBB 2.0.6 - URL BBCode HTML Injection

source: https://www.securityfocus.com/bid/8570/info phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This...

phpBB 2.0.4 Remote php File Include Exploit

Exploit for unknown platform in category web applications =========================================== phpBB 2.0.4 Remote php File Include Exploit =========================================== // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by...

phpBB 2.0.5 SQL Injection password disclosure Exploit

Exploit for unknown platform in category web applications ===================================================== phpBB 2.0.5 SQL Injection password disclosure Exploit ===================================================== !/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql...

CVE-2002-0473

db.php in phpBB 2.0 aka phpBB2 RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbbrootpath parameter...

CVE-2002-1537

adminugauth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling adminugauth.php with modifed form fields such as "u"...

phpBB SQL Injection vulnerability

phpBB SQL Injection vulnerability PROGRAM: phpBB VENDOR: phpBB Group HOMEPAGE: http://www.phpbb.com/ VULNERABLE VERSIONS: 2.0.3, possibly others IMMUNE VERSIONS: 2.0.4 LOGIN REQUIRED: yes DESCRIPTION: "phpBB is a UBB-style dissussion board written in PHP backended by a MySQL database. It includes...

CVE-2002-2255

Cross-site scripting XSS vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the searchusername parameter in searchuser mode...

CVE-2002-1894

Cross-site scripting XSS vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

CVE-2002-2346

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses...

CVE-2002-1707

install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...

Cross-site Scripting Vulnerability in phpBB 2.0.3

Hello : here is the code ---------------- html body form method="post" name="search" action="http://target/search.php?mode=searchuser" input type="hidden" name="searchusername" value=""/ /form SCRIPT...

phpBB 2.0.3 - search.php Cross-Site Scripting

phpBB 2.0.3 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an...