phpbb 2.0.12 viewtopic.php Sql注入漏洞

No description provided by source...

phpbb 2.0.9 代码执行漏洞

No description provided by source...

phpbb 2.0.8 admin-board.php Sql注入

No description provided by source...

phpbb 2.0.11 usercp-avatar.php 目录遍历漏洞

No description provided by source...

phpbb 2.0.11 信息泄l漏漏洞

No description provided by source...

phpbb 2.0.10 admin cash.php 代码执行漏洞

No description provided by source...

phpbb 2.0.6 Sql注入

No description provided by source...

phpBB viewtopic.php Arbitrary Code Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'phpBB...

CVE-2009-3208

Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to permalink.php and 2 year parameter to index.php...

CVE-2009-3052

SQL injection vulnerability in root/includes/primequickstyle.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the primequickstyle parameter to ucp.php...

Sql injection

SQL injection vulnerability in root/includes/primequickstyle.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the primequickstyle parameter to ucp.php...

CVE-2009-3052

The CVE-2009-3052 entry IDs a SQL injection in the Prime Quick Style addon for phpBB 3.0.x, in root/includes/prime_quick_style.php, exploitable via the prime_quick_style parameter to ucp.php. The affected version range is before 1.2.3. The vulnerability allows remote authenticated users to execut...

CVE-2009-3052

SQL injection vulnerability in root/includes/primequickstyle.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the primequickstyle parameter to ucp.php...

CVE-2008-7143

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...

CVE-2008-7143

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header...

CVE-2008-7143

phpBB 2.0.23 is affected. When a moderator/administrator closes a thread, the session ID can be exposed in a Referer header during a post that includes a URL to a remotely hosted image, enabling remote attackers to hijack the user session. The NVD entry lists CVSS v2 metrics: AV:N/AC:M/Au:N/C:P/I...

FreeBSD : Critical SQL injection in phpBB (70f5b3c6-80f0-11d8-9645-0020ed76ef5a)

Anyone can get admin's username and password's md5 hash via a single web request. A working example is provided in the advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

FreeBSD : phpBB IP address spoofing (cfe17ca6-6858-4805-ba1d-a60a61ec9b4d)

The common.php script always trusts the X-Forwarded-For' header in the client's HTTP request. A remote user could forge this header in order to bypass any IP address access control lists ACLs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

phpBB < 3.0.4 Authentication Bypass Vulnerability

phpBB is prone to an authentication bypass vulnerability because it fails to properly enforce privilege requirements on some operations. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

phpBB Account Re-Activation Authentication Bypass Vulnerability

According to its version number, the remote version of phpbb is prone to an authentication-bypass vulnerability because it fails to properly enforce privilege requirements on some operations. Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which m...