Lucene search

Punbb Punbb 1.2.12

11 matches found

CVE
added 2006/11/06 6:7 p.m., 55 views

CVE-2006-5738

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CVSS 7.2 | AI score 8.5 | EPSS 0.00177

CVE
added 2006/11/06 6:7 p.m., 50 views

CVE-2006-5736

SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.

CVSS 5.1 | AI score 8 | EPSS 0.04833

CVE
added 2010/06/15 2:4 p.m., 47 views

CVE-2009-4894

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.

CVSS 4.3 | AI score 6 | EPSS 0.00263

CVE
added 2009/09/17 6:30 p.m., 45 views

CVE-2008-7241

Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.

CVSS 6.8 | AI score 7.1 | EPSS 0.00116

CVE
added 2008/07/27 11:41 p.m., 41 views

CVE-2008-3336

Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.

CVSS 4.3 | AI score 5.8 | EPSS 0.00475

CVE
added 2008/03/24 11:44 p.m., 39 views

CVE-2008-1485

Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.

CVSS 4.3 | AI score 5.7 | EPSS 0.00296

CVE
added 2011/10/02 8:55 p.m., 37 views

CVE-2011-3371

Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf...

CVSS 4.3 | AI score 5.9 | EPSS 0.00548
Web

CVE
added 2008/03/24 11:44 p.m., 33 views

CVE-2008-1484

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: thi...

CVSS 3.5 | AI score 6.3 | EPSS 0.10582

CVE
added 2008/12/11 3:30 p.m., 32 views

CVE-2008-5435

Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.

CVSS 4.3 | AI score 5.7 | EPSS 0.00285

CVE
added 2006/09/13 11:7 p.m., 30 views

CVE-2006-4759

PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was orig...

CVSS 3.6 | AI score 6.6 | EPSS 0.03124

CVE
added 2008/07/27 11:41 p.m., 28 views

CVE-2008-3335

Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.

CVSS 10 | AI score 7 | EPSS 0.02423