
2176 matches found

ripstech
added 2016/12/13 12:0 p.m., 39 views

phpBB 2.0.23 - From Variable Tampering to SQL Injection

RIPS Analysis The forum phpBB2 consists of only 50,000 lines of code and RIPS took only 19 seconds for its in-depth security analysis to complete. It found various PHP object injection vulnerabilities which are less severe due to missing gadget chains. Further, many SQL injections are reported du...

8.1 AI score
Exploits 0
OpenVAS
added 2015/09/27 12:0 a.m., 36 views

Tapatalk Detection (HTTP)

HTTP based detection of Tapatalk. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.111039");...

5.8 AI score
Exploits 0, References 1
CNVD
added 2015/05/15 12:0 a.m., 2 views

phpBB 'functions.php' open redirect vulnerability

phpBB is an open source, PHP-based web forum software package developed by the phpBB Group. The software supports multiple languages, multiple databases, customizable layouts and so on. An open redirect vulnerability exists in phpBB 'functions.php'. An attacker uses a crafted URL to attract...

6.1 CVSS, 6.7 AI score, 0.00713 EPSS
Exploits 0, References 1
CNVD
added 2015/03/26 12:0 a.m., 1 views

phpBB 'includes/message_parser.php' HTML injection vulnerability

phpBB is an open source, PHP-based web forum software package developed by the phpBB Group. The software supports multiple languages, multiple databases, customizable layouts and so on. An HTML injection vulnerability exists in versions prior to phpBB 3.0.8, which arises from the program's...

7.7 AI score
Exploits 0, References 1
CNVD
added 2015/03/25 12:0 a.m., 1 views

phpBB BBCode IMG Tag script injection vulnerability

phpBB is an open source, PHP-based web forum software package developed by the phpBB Group. The software supports multiple languages, multiple databases, customizable layouts and so on. A script injection vulnerability exists in phpBB because the program fails to adequately filter user-submitt...

7.9 AI score
Exploits 0, References 1
NVD
added 2015/02/10 5:59 p.m., 9 views

CVE-2015-1432

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

6.8 CVSS, 6.6 AI score, 0.00508 EPSS
Exploits 0, References 8
UbuntuCve
added 2015/02/10 5:59 p.m., 19 views

CVE-2015-1431

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

4.3 CVSS, 6 AI score, 0.0063 EPSS
Exploits 0, References 2
Prion
added 2015/02/10 5:59 p.m., 15 views

Cross site request forgery (csrf)

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

6.8 CVSS, 7.2 AI score, 0.00508 EPSS
Exploits 0, References 8, Affected Software 1
UbuntuCve
added 2015/02/10 5:59 p.m., 19 views

CVE-2015-1432

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

6.8 CVSS, 5.9 AI score, 0.00508 EPSS
Exploits 0, References 2
Prion
added 2015/02/10 5:59 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

4.3 CVSS, 6.1 AI score, 0.0063 EPSS
Exploits 0, References 8, Affected Software 1
OSV
added 2015/02/10 5:59 p.m., 0 views

UBUNTU-CVE-2015-1431

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

4.3 CVSS, 5.9 AI score, 0.0063 EPSS
Exploits 0, References 3
Cvelist
added 2015/02/10 5:0 p.m., 14 views

CVE-2015-1432

The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

6.5 AI score, 0.00508 EPSS
Exploits 0, References 8
CVE
added 2015/02/10 5:0 p.m., 58 views

CVE-2015-1431

CVE-2015-1431 affects phpBB up to 3.0.12, with an XSS vulnerability in includes/startup.php exploitable via Relative Path Overwrite. The issue allows remote attackers to inject arbitrary script/HTML. The public details indicate the vulnerability exists in phpBB before 3.0.13 and has been addresse...

4.3 CVSS, 5.7 AI score, 0.0063 EPSS
Exploits 0, References 8, Affected Software 1
CVE
added 2015/02/10 5:0 p.m., 43 views

CVE-2015-1432

CVE-2015-1432 concerns phpBB

6.8 CVSS, 6.8 AI score, 0.00508 EPSS
Exploits 0, References 8, Affected Software 1
Cvelist
added 2015/02/10 5:0 p.m., 16 views

CVE-2015-1431

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."...

5.5 AI score, 0.0063 EPSS
Exploits 0, References 8
Packet Storm
added 2014/11/26 12:0 a.m., 26 views

phpBB 3.1.1 deregister_globals() Bypass

When PHP's register_globals configuration directive is set on, phpBB will call the deregister_globals function and all global variables registered by PHP will be destroyed. But the deregister_globals function can be bypassed. $input = array_merge(array_keys($_GET), array_keys($_POST), array_keys($_COOKIE), array_keys($_SERVER),...

Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 98 views

mail2forum phpBB Mod <= 1.2 (m2f_root_path) Remote Include Vulns

No description provided by source. Title : mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities Discovered By OLiBekaS Affected software description : Application : mail for phpbb bulletin board/forum software...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

phpBB Mod Small ShoutBox 1.4 - Remote Edit/Delete Messages Vuln

No description provided by source. phpBB Mod Small ShoutBox 1.4 Remote Edit/Delete Messages Vuln Discovered By StAkeRathotmaildotit Download On...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 60 views

phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit

No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo PhpBB <= v2.0.20 \Admin/Restore Database/default_lang remote commands execution\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo - you need an admin sid, works regardless of...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerability

No description provided by source. THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerabilities Discovered By Kw3RLn Romanian Security Team...

7.1 AI score
Exploits 0