Privilege Escalation Vulnerability In phpBB 2.0.0

Privilege Escalation Vulnerability In phpBB 2.0.0 ------------------------------------------------- Rootsecure.net recently found a privilege escalation vulnerability in "phpBB 2.0.0" which allows any person with a "user" level account to escalate their privileges to that of "administrator" level...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

CVE-2002-0473

db.php in phpBB 2.0 aka phpBB2 RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbbrootpath parameter...

CVE-2002-0475

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message...

phpBB/gender mod allows get admin privilege, exploit/patch

Annoucement: Sua loi thay doi quyen user trong phpbb2.x In phpBB with the official Gender Mod, this vuln allows a normal user set her/himself to become a forum administrator. Nguoi viet/Author: PTTrung http://hackervn.net caothuvolam http://viethacker.net langtuhaohoa [email protected]...

malicious PHP source injection in phpBB

JCC Security Advisory June 16, 2002 malicious PHP source injection in phpBB Description phpBB is one of popular PHP bulletin board systems. When allowurlfopen = On and registerglobals = On in php.ini, phpBB has vulnerability because install.php contains dangerous codes. So an attacker can include...

CVE-2002-0475

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message...

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability

WSS-Advisories-02003 PHPBB BBcode Process Vulnerability Release infomation ------------------ Release Date: 2001-4-4 Author: By Whitecell Security SystemsWSS tombkeeper [email protected] alert7 [email protected] Homepage: http://www.whitecell.org/ Impact: -------- WSS has found a...

phpBB 1.4.2, Remote user is able to modify SQL query.

Hi, there is a a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...

phpBB does not adequately validate user input thereby allowing user to gain escalated privileges via manipulated SQL query

Overview phpBB is an open-source bulletin board program. There exists a user input validation problem with regard to the parsing of the URL. An intruder can excute limited SQL queries and gain administrative privileges on the bulletin board. Description phpBB has a user input validation problem...

phpBB does not adequately validate user input for language selection thereby allowing user to execute arbitrary php code

Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can excute arbitrary php code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...

Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below

note to editors: please leave all links intact. Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below found and written by: [email protected] http://www.modernhacker.com phpBB, is an open source bulletin board created by the phpBB group phpbb.com . Versions 1.4.0 and belo...

CVE-2001-1472

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter...

phpBB 1.x - Page Header Arbitrary Command Execution

source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with the phpBB system to submit values for certain...