2176 matches found
CVE-2005-4084
xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter...
CVE-2005-4083
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter...
CVE-2005-4084
The CVE-2005-4084 issue affects the phpBB eXtreme Styles module (
CVE-2005-4083
The CVE-2005-4083 entry describes a directory traversal vulnerability in the eXtreme Styles phpBB module (version 2.2.1 and earlier). The flaw is in xs_edit.php, where a crafted edit parameter containing .. can cause reading of arbitrary files. Documents indicate remote attackers could exploit th...
eXtremeTraversal.txt
eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities ==================================================== http://www.phpbbstyles.com/ Description =========== These vulnerabilities could allow an attacker that has gained administrative access to view file content on the system. 1. Remote File Content...
phpBB Blog 2.2.2 SQL inj. vuln.
phpBB Blog 2.2.2 SQL inj. vuln. Vuln. discovered by: r0t Date: 5 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html vendor: http://www.outshine.com/phpbbblog/ affected version: 2.2.2 and prior Product Description: This is a blog system for phpBB. It...
php2018.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.18 SQL Query problem cXIb8O3.19 Author: Maksymilian Arciemowicz cXIb8O3 Date: 11.11.2005 from securityreason.com TEAM - --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board packag...
[VulnWatch] XSS & Header Injection in Drupal and vBulletin
A fake image header with actual html body content was able to get past phpbb's input validation. An exploit was issued for phpbb a month ago and that sparked me to check some other webapps. vbulletin 3.5.0 forum file attachments did not sanitize against this, as a result Jelsoft quickly issued...
CVE-2005-3799
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path...
CVE-2005-3799
The CVE-2005-3799 entry concerns phpBB version 2.0.18, where a large SQL query can cause an error message that reveals SQL syntax or the full installation path, enabling information disclosure to remote attackers. Documents consistently describe this as an information-leak through error text gene...
CVE-2003-1244
CVE-2003-1244 affects phpBB 2.0, 2.0.1 and 2.0.2 via a SQL injection in page_header.php triggered by the forum_id parameter to index.php. The underlying issue is improper handling of the forum_id value, enabling an attacker to brute-force user passwords and potentially gain unauthorized access to...
CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php...
RANKBOX <= XSS vulnerability
Advisory 1 Title: "RANKBOX <= XSS vulnerability" Author: spyburn Contact: [email protected] Website: elitemexico.org Date: 07/11/2005 Risk: High Vendor Url: http://chamberofgold.com Affected Software: RANKBOX Non Affected: We Are: ELITE MEXICO...
[Full-disclosure] phpBB 2.0.18 SQL Query problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.18 SQL Query problem cXIb8O3.19 Author: Maksymilian Arciemowicz cXIb8O3 Date: 11.11.2005 from securityreason.com TEAM - --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board packag...
phpBB Fetch All < 2.0.12
The remote host is running a version of phpBB FetchAll older than 2.0.12. It is reported that this version of phpBB Fetch All is susceptible to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it in an SQL quer...
phpBB < 2.0.10
The remote host is running a version of phpBB older than 2.0.10. phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'searchauthor' parameter. This version is also vulnerable to a HTTP respon...
Topic Calendar XSS
The remote web server is running Topic Calendar, a module for phpBB which adds calendaring support to phpBB. This script is vulnerable to a cross site scripting issue.