CVE-2005-1378

The CVE-2005-1378 issue is a SQL injection in phpBB’s notes module (posting_notes.php) where the p parameter sets the $post_id, enabling remote execution of arbitrary SQL. Affected component: phpBB notes module; vulnerability caused by unsafely using user-supplied input in SQL queries. NVD lists ...

CVE-2005-1196

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...

CVE-2005-1290

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 u parameter to profile.php, 2 highlight parameter to viewtopic.php, or 3 forumname or forumdesc parameters to adminforums.php...

CVE-2005-1114

Multiple SQL injection vulnerabilities in albumsearch.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the 1 mode or 2 search parameters...

CVE-2005-1235

auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

CVE-2005-1116

Cross-site scripting XSS vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendarscheduler.php...

CVE-2005-1170

SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2005-1171

Cross-site scripting XSS vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2005-0614

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie...

CVE-2005-1378

SQL injection vulnerability in postingnotes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $postid variable, and other attack vectors...

CVE-2005-0871

calendarscheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message...

CVE-2005-0614

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie...

CVE-2005-1113

Multiple cross-site scripting XSS vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to 1 groupcp.php, 2 index.php, 3 portal.php, 4 viewforum.php, or 5 viewtopic.php, 6 the c parameter to index.php, or 7 the article...

CVE-2005-0659

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message...

CVE-2005-0872

Cross-site scripting XSS vulnerability in calendarscheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter...

phpBB Notes Mod SQL Injection Vulnerability

GulfTech Security Research April 27th, 2005 Vendor : Oxpus URL : http://www.oxpus.de/ Version : All Versions Risk : SQL Injection Vulnerability Description: oxpus.de author many popular modules and hacks for the amazingly popular phpBB software. One of these modules allows users to keep their own...

phpBB Notes Module - SQL Injection

source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...

phpBB Notes Module - SQL Injection

phpBB Notes Module - SQL Injection source: https://www.securityfocus.com/bid/13417/info The notes module for phpBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

CVE-2005-1290

CVE-2005-1290 affects phpBB 2.0.14 and earlier. It has multiple XSS vulnerabilities allowing remote attackers to inject arbitrary script/HTML via: (1) the u parameter in profile.php, (2) the highlight parameter in viewtopic.php, and (3) the forumname or forumdesc parameters in admin_forums.php. T...

CVE-2005-1290

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 u parameter to profile.php, 2 highlight parameter to viewtopic.php, or 3 forumname or forumdesc parameters to adminforums.php...