phpBB

by PhpBB

CVEs (119)

  • CVE-2015-1431 · Feb 10, 2015
    risk 0.00 cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."

  • CVE-2013-5724 · Sep 12, 2013
    risk 0.00 cvss epss 0.00

    Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.

  • CVE-2010-1630 · May 19, 2010
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."

  • CVE-2010-1627 · May 19, 2010
    risk 0.00 cvss epss 0.01

    feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.

  • CVE-2008-7143 · Sep 1, 2009
    risk 0.00 cvss epss 0.01

    phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the…

  • CVE-2008-6507 · Mar 23, 2009
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.

  • CVE-2008-6506 · Mar 23, 2009
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.

  • CVE-2008-4125 · Sep 18, 2008
    risk 0.00 cvss epss 0.02

    The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than…

  • CVE-2008-3224 · Jul 18, 2008
    risk 0.00 cvss epss 0.01

    Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."

  • CVE-2008-1766 · Apr 12, 2008
    risk 0.00 cvss epss 0.01

    Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."

  • CVE-2008-0471 · Jan 29, 2008
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

  • CVE-2007-5033 · Sep 21, 2007
    risk 0.00 cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.

  • CVE-2007-1695 · Mar 27, 2007
    risk 0.00 cvss epss 0.02

    PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks…

  • CVE-2006-2219 · Feb 8, 2007
    risk 0.00 cvss epss 0.01

    phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to…

  • CVE-2006-2220 · Feb 8, 2007
    risk 0.00 cvss epss 0.01

    phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL…

  • CVE-2006-6840 · Dec 31, 2006
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."

  • CVE-2006-6841 · Dec 31, 2006
    risk 0.00 cvss epss 0.02

    Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.

  • CVE-2006-6839 · Dec 31, 2006
    risk 0.00 cvss epss 0.02

    Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."

  • CVE-2006-6508 · Dec 14, 2006
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2006-5435 · Oct 20, 2006
    risk 0.00 cvss epss 0.01

    PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use