CVE-2005-2545

Multiple cross-site scripting XSS vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 content parameter to profile.php and profilemisc.php, 3 the profile fields in userpage.php, 4 subject or 5 body in mail.php, or 8...

punBB < 1.2.6 profile.php $temp Parameter SQL Injection (deprecated)

Binary data 3058.prm...

PunBB 1.x - &#039;profile.php&#039; User Profile Edit Module SQL Injection

source: https://www.securityfocus.com/bid/14195/info PunBB is affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input through the user profile edit module of the 'profile.php' script before using it in a SQL query...

phpBB 2.0.15 - Register Multiple Users (Denial of Service)

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 15 - 00/00/06 -------------------------------------------------------- Program: phpBB 2.0.15 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.15 & Lower versions Risk: High Risk!! Impact:...

CVE-2005-1051

SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a changeemail action...

CVE-2005-1290

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 u parameter to profile.php, 2 highlight parameter to viewtopic.php, or 3 forumname or forumdesc parameters to adminforums.php...

CVE-2005-1290

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 u parameter to profile.php, 2 highlight parameter to viewtopic.php, or 3 forumname or forumdesc parameters to adminforums.php...

phpBB 2.0.x - &#039;profile.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

CVE-2005-1051

CVE-2005-1051 affects PunBB 1.2.4: a SQL injection in profile.php via the id parameter in the change_email action. The vulnerability requires an authenticated remote user and allows arbitrary SQL execution, with reported potential for modification of database queries and administrative access. Do...

CVE-2005-1051

SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a changeemail action...

punBB < 1.2.5 profile.php SQL Injection

Binary data 2807.prm...

PunBB profile.php id Parameter SQL Injection

According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php' through the 'changeemail' parameter prior to using it in a SQL query. Once authenticated, an attacker can exploit this flaw to manipulate database queries,...

PunBB profile.php Multiple Parameter XSS

According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php' through the 'email' and 'Jabber' parameters. An attacker could exploit this flaw to embed malicious script or HTML code in his profile. Then, whenever someo...

CVE-2005-0629

Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...

CVE-2005-0629

The CVE-2005-0629 issue concerns multiple XSS vulnerabilities in profile.php of 427BB 2.2. The vulnerability is triggered by the (1) user or (2) Avatar parameters, allowing remote attackers to inject arbitrary web script or HTML. The NVD entry documents a MEDIUM severity (CVSS v2: AV:N/AC:M/Au:N/...

HRG007.txt

HRG - Hackerlounge Research Group Release: HRG007 Monday 03/01/05 427BB The author can't be held responsible for any damage done by a reader. You have your own resonsibility Please use this document like it's meant to. Vulnerable: 427BB Any Version --- General Information: 427BB Is a simple board...

CVE-2005-0629

Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...

427BB profile.php XSS vulnerability.

HRG - Hackerlounge Research Group Release: HRG007 Monday 03/01/05 427BB The author can't be held responsible for any damage done by a reader. You have your own resonsibility Please use this document like it's meant to. Vulnerable: 427BB Any Version --- General Information: 427BB Is a simple board...

CVE-2005-0570

PunBB 1.2.1 contains a vulnerability in profile.php that allows remote attackers to cause a denial of service (account lockout) by setting a user’s password to NULL. This is the concrete vulnerability described in CVE-2005-0570 across sources (NVD/NIST and CVE list). The connected documents also ...

Multiple vulns in punBB

================================================= SQL Injections in punbb-1.2.1 register.php ================================================= Description ----------- A remote attacker can cause register.php to execute arbitrary SQL statements by supplying malicous values to the language or email...