6 matches found
CVE-2006-6839
CVE-2006-6839 affects phpBB before 2.0.22. The issue is described as an unspecified vulnerability with unknown impact and remote attack vectors related to redirection targets not being properly validated. CVSS base score listed as 10.0 (high impact). Debian/DSA-1488-1 indicates fixes: etch (stabl...
CVE-2006-6840
CVE-2006-6840 affects phpBB up to version 2.0.22 (and some older distributions) where a negative start parameter could lead to invalid output. The available connected sources confirm this as a remote web-app vulnerability in phpBB’s 2.0.x line with limited, unspecified impact and unknown exploita...
CVE-2006-6841
Affected product: phpBB (2.x). The issue CVE-2006-6841 arises from forms not performing session checks, enabling CSRF-like actions by an attacker on behalf of a logged-in user. Descriptions consistently indicate unknown impact in the original note, and multiple advisories/OSS records align on thi...
CVE-2006-2219
Summary: CVE-2006-2219 affects phpBB 2.0.20 . The issue arises because user-supplied input variable types are not verified before being passed to type-dependent functions, enabling information disclosure via error messages. Demonstrated with the mode parameter to memberlist.php and the highlight ...
CVE-2003-1373
The provided documents describe CVE-2003-1373 as a vulnerability in PhpBB versions 1.4.0 through 1.4.4. The issue is a directory traversal that lets remote attackers read and include arbitrary files via dot-dot sequences followed by NULL (%00) characters in CGI parameters, demonstrated for the la...
CVE-2007-1695
CVE-2007-1695 affects phpBB 2.0.19. The vulnerability is a PHP remote file inclusion in includes/usercp_register.php , enabling remote attackers to execute arbitrary PHP code via a URL provided to the phpbb_root_path parameter. The root cause, per provided descriptions, is insufficient validation...