Lucene search
+L
Phpbb GroupPhpbb

10 matches found

CVE
CVE
added 2006/02/10 11:0 a.m.70 views

CVE-2006-0632

The CVE-2006-0632 entry affects phpBB 2.0.19. The gen_rand_string function uses insufficiently random data (small value space) to generate the activation key (validation ID) sent by e-mail when establishing a password, enabling remote attackers to obtain the key and modify passwords for existing ...

6.4CVSS6.4AI score0.02501EPSS
CVE
CVE
added 2005/02/22 5:0 a.m.62 views

CVE-2005-0259

CVE-2005-0259 affects phpBB 2.0.11 (and possibly other versions) where enabling remote avatars and avatar uploading allows local users to read arbitrary files by providing both a local and remote avatar location and setting the “Upload Avatar from a URL:” field to reference the target file. Root ...

6.4CVSS6.2AI score0.02043EPSS
CVE
CVE
added 2006/12/14 12:0 a.m.57 views

CVE-2006-6508

CVE-2006-6508 is a Cross-site request forgery (CSRF) affecting phpBB 2.0.21. The issue allows a remote authenticated user to perform actions (send unauthorized messages as another user) via unspecified vectors. Root cause details are not fully disclosed in the provided documents, but Debian/DSA-1...

6CVSS6.2AI score0.0102EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.56 views

CVE-2006-1896

CVE-2006-1896 concerns a vulnerability in phpbb2 where admin users with access to the Admin Panel can cause arbitrary PHP code execution via the Font Colour 3 setting due to insufficient input sanitisation. Debian/DSA-1066-1 documents that the issue arises from how values are sanitised for Font C...

6CVSS7AI score0.01278EPSS
CVE
CVE
added 2006/12/10 11:0 a.m.56 views

CVE-2006-6421

CVE-2006-6421 is an XSS in phpBB 2.0.x; the private messaging (privmsg.php) feature allows remote authenticated users to inject arbitrary script/HTML via the Message body when targeting a non-existent user. Affected component: phpBB 2.0.x private messaging; root cause is user-supplied input not s...

6CVSS5.3AI score0.15454EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.54 views

CVE-2004-0339

CVE-2004-0339 : A cross-site scripting (XSS) flaw exists in phpBB’s ViewTopic.php, affecting possibly 2.0.6c and earlier. The vulnerability allows an attacker to execute arbitrary script or HTML as other users via the postorder parameter. Other connected records corroborate the same description (...

6.8CVSS6.5AI score0.01362EPSS
CVE
CVE
added 2004/07/23 4:0 a.m.51 views

CVE-2004-0730

PhpBB 2.0.8 is affected by multiple XSS vulnerabilities (three vectors: cat_title in index.php, faq[0][0] in lang_faq.php as accessible from faq.php, and faq[0][0] in lang_bbcode.php as accessible from faq.php). The underlying issue is unsanitized input leading to remote script/HTML injection. Re...

6.8CVSS5.8AI score0.01476EPSS
CVE
CVE
added 2007/10/17 1:0 a.m.49 views

CVE-2003-1373

The provided documents describe CVE-2003-1373 as a vulnerability in PhpBB versions 1.4.0 through 1.4.4. The issue is a directory traversal that lets remote attackers read and include arbitrary files via dot-dot sequences followed by NULL (%00) characters in CGI parameters, demonstrated for the la...

6.8CVSS7.2AI score0.01268EPSS
CVE
CVE
added 2006/04/20 10:0 a.m.46 views

CVE-2006-1895

The provided data confirms CVE-2006-1895 affecting phpBB: a direct static code injection in includes/template.php allows remote authenticated users with write access to execute arbitrary PHP by modifying templates. The root causes are (1) bypassing a loose regex intended to match BEGIN/END in ove...

6.5CVSS7.5AI score0.01388EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.43 views

CVE-2003-0484

CVE-2003-0484 is an XSS vulnerability in phpBB's viewtopic.php where an attacker can inject arbitrary script via the topic_id parameter. Affected: phpBB (viewtopic.php); Impact: partial confidentiality, integrity, and availability concerns at the browser level due to script execution. CVSS2 base ...

6.8CVSS6.2AI score0.01206EPSS