2176 matches found
phpBB 2.0.3 - search.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross-site scripting attacks. This is due to insufficient sanitization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an...
[Sec-Tec Advisory] Local scripting vulnerability in phpBB
Application: phpBB2 Vendor : http://www.phpbb.com Problem : Insufficient filtering of user input Usability : Easy Severity : Medium Report by : Pete Foster, Sec-Tec Ltd http://www.sec-tec.com The Product From vendors site: phpBB is a high powered, fully scalable, and highly customisable open-sour...
phpBB 2.0.3 - Script Injection
source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Script code would be executed in the...
phpBB 2.0.3 - Script Injection
source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Scrip...
phpBB Advanced Quick Reply Hack 1.01.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence t...
Code Injection in phpBB Advanced Quick Reply Mod
Software: phpBB Advanced Quick Reply Mod I've found a security hole in this software Code Injection. You can download this software at http://phpbbhacks.com/viewhack.php?id=586 Hackers can exploit this Mod to inject some shell code to hack your forum, your website or your server local exploit...
phpBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for 'extension.inc' in the 'quickreply.php'...
Privilege Escalation Vulnerability In phpBB 2.0.0
Rootsecure.net recently found a privilege escalation vulnerability in "phpBB 2.0.0" which allows any person with a "user" level account to escalate their privileges to that of "administrator" level...
CVE-2002-0902
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...
CVE-2002-0902
CVE-2002-0902 describes a cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2). An attacker can cause script execution in other phpBB users’ browsers by inserting a http:// and a double-quote (") into an IMG tag, which bypasses phpBB’s security check and terminates the src parameter of the IM...
CVE-2002-0902
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...
CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG (image) tag while editing a message...
CVE-2002-0473
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter...
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null (\0) characters within code tags...
phpBB/gender mod allows get admin privilege, exploit/patch
Announcement: Fix for the user privilege change bug in phpBB2.x In phpBB with the official Gender Mod, this vuln allows a normal user to set her/himself to become a forum administrator. Author: PTTrung http://hackervn.net caothuvolam http://viethacker.net langtuhaohoa [email protected]...
malicious PHP source injection in phpBB
JCC Security Advisory June 16, 2002 malicious PHP source injection in phpBB Description phpBB is one of popular PHP bulletin board systems. When allow_url_fopen = On and register_globals = On in php.ini, phpBB has vulnerability because install.php contains dangerous codes. So an attacker can include...
CVE-2002-0533
CVE-2002-0533 affects phpBB 1.4.4 and earlier. The vulnerability lies in how BBCode handling processes [code] tags, allowing remote attackers to trigger CPU-based DoS and corrupt the database by inserting null (ASCII 0) characters. The existing records indicate the issue and affected family, but th...
CVE-2002-0475
The CVE-2002-0475 entry describes a cross-site scripting (XSS) vulnerability in phpBB versions 1.4.4 and earlier. The flaw allows remote attackers to cause arbitrary JavaScript execution on a user’s browser by embedding a script inside an IMG tag while editing a message. Affected software is phpB...
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null (\0) characters within code tags...
CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG (image) tag while editing a message...