7 matches found
CVE-2006-0632
The CVE-2006-0632 entry affects phpBB 2.0.19. The gen_rand_string function uses insufficiently random data (small value space) to generate the activation key (validation ID) sent by e-mail when establishing a password, enabling remote attackers to obtain the key and modify passwords for existing ...
CVE-2006-0450
CVE-2006-0450 affects phpBB 2.0.19 and earlier. The vulnerability allows remote attackers to cause a denial of service (application crash) by either: (1) registering many users through profile.php, or (2) performing a specially crafted search via search.php that confuses the database. The impact ...
CVE-2006-6421
CVE-2006-6421 is an XSS in phpBB 2.0.x; the private messaging (privmsg.php) feature allows remote authenticated users to inject arbitrary script/HTML via the Message body when targeting a non-existent user. Affected component: phpBB 2.0.x private messaging; root cause is user-supplied input not s...
CVE-2006-2865
The CVE-2006-2865 issue concerns phpBB 2 with a remote file inclusion in template.php via the page parameter, enabling an attacker to execute arbitrary PHP code. Concrete details from connected sources confirm the affected software (phpBB 2) and the vulnerable component (template.php) with the ro...
CVE-2006-2134
CVE-2006-2134 describes a PHP remote file inclusion in the Knowledge Base Mod for PHPBB 2.0.2 and earlier. The vulnerability stems from the module_root_path parameter, allowing remote attackers to execute arbitrary PHP code via a crafted URL in that parameter. Affected component is the include fi...
CVE-2006-0438
CVE-2006-0438 is a CSRF vulnerability in phpBB 2.0.19 where enabling Link to off-site Avatar or bbcode (IMG) allows an attacker to perform actions as a logged-in user via a link or image in a profile (e.g., admin/admin_users.php, modcp.php). The NVD entry lists a CVSSv2 base score of 5.0 (Medium)...
CVE-2006-5209
The CVE-2006-5209 entry describes a PHP remote file inclusion in Admin Topic Action Logging Mod 0.95 and earlier, used with phpBB 2.0 up to 2.0.21. The vulnerability allows remote attackers to execute arbitrary PHP code via a URL supplied to the phpbb_root_path parameter in admin/admin_topic_acti...