Lucene search

K
Phpbb GroupPhpbb2.0.7a

21 matches found

CVE
CVE
added 2005/05/10 4:0 a.m.584 views

CVE-2004-1943

PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

7.5CVSS8AI score0.01676EPSS
CVE
CVE
added 2005/11/01 9:2 p.m.55 views

CVE-2005-3418

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not init...

4.3CVSS5.5AI score0.01451EPSS
CVE
CVE
added 2005/05/16 4:0 a.m.51 views

CVE-2005-1193

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (...

7.5CVSS7.4AI score0.27107EPSS
CVE
CVE
added 2005/11/01 9:2 p.m.48 views

CVE-2005-3415

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.

7.5CVSS6.3AI score0.01078EPSS
CVE
CVE
added 2005/11/01 9:2 p.m.48 views

CVE-2005-3416

phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge fu...

7.5CVSS6.4AI score0.00842EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.47 views

CVE-2005-0614

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.

7.5CVSS6.9AI score0.04491EPSS
CVE
CVE
added 2005/11/01 9:2 p.m.46 views

CVE-2005-3417

phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.

7.5CVSS6.5AI score0.00842EPSS
CVE
CVE
added 2005/11/01 9:2 p.m.46 views

CVE-2005-3419

SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.

7.5CVSS8AI score0.01314EPSS
CVE
CVE
added 2005/12/22 11:3 p.m.43 views

CVE-2005-3536

SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.

7.5CVSS8AI score0.00502EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.42 views

CVE-2004-2055

Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.

4.3CVSS6AI score0.00444EPSS
CVE
CVE
added 2005/11/01 9:2 p.m.42 views

CVE-2005-3420

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.

7.5CVSS6.7AI score0.02323EPSS
CVE
CVE
added 2005/12/22 11:3 p.m.40 views

CVE-2005-3537

A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.

5CVSS6.3AI score0.0038EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.39 views

CVE-2004-1950

phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.

5CVSS6.6AI score0.00619EPSS
CVE
CVE
added 2005/03/14 5:0 a.m.39 views

CVE-2005-0258

Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.

5CVSS6.6AI score0.00473EPSS
CVE
CVE
added 2005/03/14 5:0 a.m.39 views

CVE-2005-0259

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.

6.4CVSS6.2AI score0.00539EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.38 views

CVE-2005-0603

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.

5CVSS6.2AI score0.0412EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.38 views

CVE-2005-1115

Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.

4.3CVSS5.8AI score0.00409EPSS
CVE
CVE
added 2005/04/12 4:0 a.m.36 views

CVE-2005-1047

Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory.

7.5CVSS7.4AI score0.00982EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.36 views

CVE-2005-1114

Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.

7.5CVSS8.6AI score0.00743EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.35 views

CVE-2005-0659

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.

5CVSS6.2AI score0.00477EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.34 views

CVE-2004-2054

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.

5CVSS6.8AI score0.00563EPSS