2176 matches found

Tenable Nessus
added 2005/04/25 12:0 a.m., 29 views

phpBB <= 2.0.14 Multiple Vulnerabilities

According to its banner, the remote host is running a version of phpBB that suffers from multiple flaws:

- A BBCode Input Validation Vulnerability: The application fails to properly filter for the BBCode URL in the 'includes/bbcode.php' script. With a specially crafted URL, an attacker could cause...

CVSS 7.5 | AI score 5.9 | EPSS 0.33947
Exploits: 1 | References: 4
securityvulns
added 2005/04/25 12:0 a.m., 35 views

-==phpBB 2.0.14 Multiple Vulnerabilities==-

Neo Security Team NST® - Advisory 14 - 17/04/05. Program: phpBB 2.0.14. Homepage: http://www.phpbb.com. Vulnerable Versions: phpBB 2.0.14 & Lower versions. Risk: Low Risk!! Impact:...

AI score 7.1
Exploits: 0
Cvelist
added 2005/04/24 4:0 a.m., 14 views

CVE-2005-1234

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php...

AI score 8.4 | EPSS 0.00995
Exploits: 1 | References: 11
CVE
added 2005/04/24 4:0 a.m., 44 views

CVE-2005-1234

CVE-2005-1234 : Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the u parameter to auction_rating.php or (2) the ar parameter to action_offer.php. These entries describe the affected product as phpbb-Auction and identify the...

CVSS 5 | AI score 8.9 | EPSS 0.00995
Exploits: 1 | References: 11 | Affected Software: 1
CVE
added 2005/04/24 4:0 a.m., 33 views

CVE-2005-1235

The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...

CVSS 5 | AI score 6.7 | EPSS 0.0059
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2005/04/24 4:0 a.m., 13 views

CVE-2005-1235

auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

AI score 6.3 | EPSS 0.0059
Exploits: 1 | References: 5
Tenable Nessus
added 2005/04/24 12:0 a.m., 21 views

phpBB < 2.0.15 admin_forums.php XSS

Binary data 2849.prm...

CVSS 7.5 | AI score 7.3 | EPSS 0.33947
Exploits: 1 | References: 5
Exploit DB
added 2005/04/23 12:0 a.m., 40 views

phpBB 2.0.x - 'viewtopic.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

AI score 7
Exploits: 0
exploitpack
added 2005/04/23 12:0 a.m., 15 views

phpBB 2.0.x - profile.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

AI score 6.8
Exploits: 0
Exploit DB
added 2005/04/23 12:0 a.m., 29 views

phpBB 2.0.x - 'profile.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

AI score 7.4
Exploits: 0
exploitpack
added 2005/04/23 12:0 a.m., 10 views

phpBB 2.0.x - viewtopic.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

AI score 6.8
Exploits: 0
CVE
added 2005/04/21 4:0 a.m., 49 views

CVE-2001-1472

The CVE-2001-1472 entry describes a SQL injection in phpBB 1.4.0/1.4.1 through prefs.php via the viewemail parameter. This allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. Affected: phpBB 1.4.0 and 1.4.1; vulnerability originates from the handlin...

CVSS 4.6 | AI score 8.5 | EPSS 0.00835
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2005/04/21 4:0 a.m., 47 views

CVE-2005-1196

CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...

CVSS 7.5 | AI score 7.5 | EPSS 0.00334
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2005/04/21 4:0 a.m., 16 views

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later...

AI score 8.8 | EPSS 0.01172
Exploits: 1 | References: 5
Cvelist
added 2005/04/21 4:0 a.m., 16 views

CVE-2001-1472

SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter...

AI score 8.1 | EPSS 0.00835
Exploits: 1 | References: 4
CVE
added 2005/04/21 4:0 a.m., 45 views

CVE-2001-1471

CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...

CVSS 8.8 | AI score 7.6 | EPSS 0.01172
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2005/04/21 4:0 a.m., 12 views

CVE-2005-1196

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...

AI score 7.5 | EPSS 0.00334
Exploits: 0 | References: 1
exploitpack
added 2005/04/20 12:0 a.m., 18 views

phpBB-Auction Module 1.0/1.2 - Auction_Rating.php SQL Injection

source: https://www.securityfocus.com/bid/13283/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

Exploits: 0
Exploit DB
added 2005/04/20 12:0 a.m., 26 views

phpBB-Auction Module 1.0/1.2 - 'Auction_Offer.php' SQL Injection

source: https://www.securityfocus.com/bid/13284/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of...

AI score 7.4
Exploits: 0
exploitpack
added 2005/04/20 12:0 a.m., 13 views

phpBB-Auction Module 1.0/1.2 - Auction_Offer.php SQL Injection

source: https://www.securityfocus.com/bid/13284/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

Exploits: 0