10 matches found
CVE-2006-0632
The CVE-2006-0632 entry affects phpBB 2.0.19. The gen_rand_string function uses insufficiently random data (small value space) to generate the activation key (validation ID) sent by e-mail when establishing a password, enabling remote attackers to obtain the key and modify passwords for existing ...
CVE-2005-0259
CVE-2005-0259 affects phpBB 2.0.11 (and possibly other versions) where enabling remote avatars and avatar uploading allows local users to read arbitrary files by providing both a local and remote avatar location and setting the “Upload Avatar from a URL:” field to reference the target file. Root ...
CVE-2006-6508
CVE-2006-6508 is a Cross-site request forgery (CSRF) affecting phpBB 2.0.21. The issue allows a remote authenticated user to perform actions (send unauthorized messages as another user) via unspecified vectors. Root cause details are not fully disclosed in the provided documents, but Debian/DSA-1...
CVE-2006-1896
CVE-2006-1896 concerns a vulnerability in phpbb2 where admin users with access to the Admin Panel can cause arbitrary PHP code execution via the Font Colour 3 setting due to insufficient input sanitisation. Debian/DSA-1066-1 documents that the issue arises from how values are sanitised for Font C...
CVE-2006-6421
CVE-2006-6421 is an XSS in phpBB 2.0.x; the private messaging (privmsg.php) feature allows remote authenticated users to inject arbitrary script/HTML via the Message body when targeting a non-existent user. Affected component: phpBB 2.0.x private messaging; root cause is user-supplied input not s...
CVE-2004-0339
CVE-2004-0339 : A cross-site scripting (XSS) flaw exists in phpBB’s ViewTopic.php, affecting possibly 2.0.6c and earlier. The vulnerability allows an attacker to execute arbitrary script or HTML as other users via the postorder parameter. Other connected records corroborate the same description (...
CVE-2004-0730
PhpBB 2.0.8 is affected by multiple XSS vulnerabilities (three vectors: cat_title in index.php, faq[0][0] in lang_faq.php as accessible from faq.php, and faq[0][0] in lang_bbcode.php as accessible from faq.php). The underlying issue is unsanitized input leading to remote script/HTML injection. Re...
CVE-2003-1373
The provided documents describe CVE-2003-1373 as a vulnerability in PhpBB versions 1.4.0 through 1.4.4. The issue is a directory traversal that lets remote attackers read and include arbitrary files via dot-dot sequences followed by NULL (%00) characters in CGI parameters, demonstrated for the la...
CVE-2006-1895
The provided data confirms CVE-2006-1895 affecting phpBB: a direct static code injection in includes/template.php allows remote authenticated users with write access to execute arbitrary PHP by modifying templates. The root causes are (1) bypassing a loose regex intended to match BEGIN/END in ove...
CVE-2003-0484
CVE-2003-0484 is an XSS vulnerability in phpBB's viewtopic.php where an attacker can inject arbitrary script via the topic_id parameter. Affected: phpBB (viewtopic.php); Impact: partial confidentiality, integrity, and availability concerns at the browser level due to script execution. CVSS2 base ...