2176 matches found
CVE-2004-0730
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from...
phpBB < 2.0.10 Multiple XSS
The remote host is running a version of phpBB older than 2.0.10. phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'search_author' parameter. This version is also vulnerable to an HTTP...
CVE-2004-0729
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message...
CVE-2004-0730
PhpBB 2.0.8 is affected by multiple XSS vulnerabilities (three vectors: cat_title in index.php, faq[0][0] in lang_faq.php as accessible from faq.php, and faq[0][0] in lang_bbcode.php as accessible from faq.php). The underlying issue is unsanitized input leading to remote script/HTML injection. Re...
CVE-2004-0729
CVE-2004-0729 affects PhpBB 2.0.8. The vulnerability occurs when users supply invalid input via (1) category_rows to index.php, (2) faq to faq.php, or (3) ranksrow to profile.php, triggering error messages that reveal the full server path. The available documents confirm the component and origin ...
phpBB < 2.0.9 Multiple Vulnerabilities
The remote host is running a version of phpBB older than 2.0.9. There is a flaw in the remote software that may allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user. One...
PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities
Security Advisory: PhpBB HTTP Respon...
CVE-2004-2055
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter...
[waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]
waraxe-2004-SA034: XSS and full path disclosure in PhpBB 2.0.8...
PHP BB bug
Hello, I don't know if my foundation is acceptable or not but here we go, I post it... When you write an SQL query in the highlight section of the PHPBB you'll get all of the page highlighted. Example: forums/viewtopic.php?t=NUMBER HERE&highlight=Bug,SELECT FROM $table Thank you...
phpBB 2.0.x - 'viewtopic.php' PHP Script Injection
source: https://www.securityfocus.com/bid/10701/info The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. Exploiting...
phpBB 2.0.x - viewtopic.php PHP Script Injection
phpBB 2.0.x - viewtopic.php PHP Script Injection source: https://www.securityfocus.com/bid/10701/info The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to...
FreeBSD Ports: phpBB < 2.0.8
The remote host has an old version of phpBB installed. phpBB is a PHP-based bulletin board. There is a cross-site scripting issue in the remote version of this software which may allow an attacker to damage the remote phpBB installation %NASLMINLEVEL 999999 @DEPRECATED@ This script has been...
FreeBSD : Critical SQL injection in phpBB (139)
The following package needs to be updated: phpbb %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg70f5b3c680f011d896450020ed76ef5a.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
FreeBSD : phpBB IP address spoofing (140)
The following package needs to be updated: phpbb %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgcfe17ca668584805ba1da60a61ec9b4d.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
phpBB 2.0.8a and lower - IP spoofing vulnerability
Advisory Name: phpBB 2.0.8a and lower - IP spoofing vulnerability; Release Date: Apr 18, 2004; Application: phpBB; Version: phpBB 2.0.8a and previous versions; Platform: PHP; Vendor URL: http://www.phpbb.com/; Author: Wang / SRR Project Group of Ready Response [email protected]; Overview: A...
phpBB modified by Przemo arbitrary code execution
Product: phpBB modified by Przemo; Version: v1.8; Vendor: http://przemo.org/phpBB2/; Discovered by: Officerrr officerrr at poligon.com.pl; Vendor Response: Not contacted yet...
CVE-2004-1943
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter...
CVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address given in the X-Forwarded-For HTTP header, which allows remote attackers to spoof IP addresses...