Lucene search
+L
Phpbb GroupPhpbb2.0 beta1

7 matches found

cve
cve
added 2006/02/10 11:0 a.m.69 views

CVE-2006-0632

The CVE-2006-0632 entry affects phpBB 2.0.19. The gen_rand_string function uses insufficiently random data (small value space) to generate the activation key (validation ID) sent by e-mail when establishing a password, enabling remote attackers to obtain the key and modify passwords for existing ...

6.4CVSS6.4AI score0.02501EPSS
cve
cve
added 2006/01/27 12:0 a.m.62 views

CVE-2006-0450

CVE-2006-0450 affects phpBB 2.0.19 and earlier. The vulnerability allows remote attackers to cause a denial of service (application crash) by either: (1) registering many users through profile.php, or (2) performing a specially crafted search via search.php that confuses the database. The impact ...

5CVSS6.7AI score0.05089EPSS
cve
cve
added 2006/12/10 11:0 a.m.56 views

CVE-2006-6421

CVE-2006-6421 is an XSS in phpBB 2.0.x; the private messaging (privmsg.php) feature allows remote authenticated users to inject arbitrary script/HTML via the Message body when targeting a non-existent user. Affected component: phpBB 2.0.x private messaging; root cause is user-supplied input not s...

6CVSS5.3AI score0.15454EPSS
cve
cve
added 2006/06/06 8:3 p.m.53 views

CVE-2006-2865

The CVE-2006-2865 issue concerns phpBB 2 with a remote file inclusion in template.php via the page parameter, enabling an attacker to execute arbitrary PHP code. Concrete details from connected sources confirm the affected software (phpBB 2) and the vulnerable component (template.php) with the ro...

7.5CVSS7.6AI score0.0282EPSS
cve
cve
added 2006/05/02 10:0 a.m.51 views

CVE-2006-2134

CVE-2006-2134 describes a PHP remote file inclusion in the Knowledge Base Mod for PHPBB 2.0.2 and earlier. The vulnerability stems from the module_root_path parameter, allowing remote attackers to execute arbitrary PHP code via a crafted URL in that parameter. Affected component is the include fi...

5.1CVSS7.6AI score0.09499EPSS
Web
cve
cve
added 2006/02/06 10:0 p.m.49 views

CVE-2006-0438

CVE-2006-0438 is a CSRF vulnerability in phpBB 2.0.19 where enabling Link to off-site Avatar or bbcode (IMG) allows an attacker to perform actions as a logged-in user via a link or image in a profile (e.g., admin/admin_users.php, modcp.php). The NVD entry lists a CVSSv2 base score of 5.0 (Medium)...

5CVSS6.8AI score0.02485EPSS
Web
cve
cve
added 2006/10/09 7:0 p.m.47 views

CVE-2006-5209

The CVE-2006-5209 entry describes a PHP remote file inclusion in Admin Topic Action Logging Mod 0.95 and earlier, used with phpBB 2.0 up to 2.0.21. The vulnerability allows remote attackers to execute arbitrary PHP code via a URL supplied to the phpbb_root_path parameter in admin/admin_topic_acti...

7.5CVSS7.9AI score0.02276EPSS
Web