VYPR

phpBB

by PhpBB

CVEs (119)

  • CVE-2004-0339 (Nov 23, 2004)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.

  • CVE-2004-0730 (Jul 27, 2004)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter…

  • CVE-2004-0729 (Jul 27, 2004)
    risk 0.00 | cvss | epss 0.01

    PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.

  • CVE-2004-2055 (Jul 19, 2004)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter.

  • CVE-2004-1950 (Apr 19, 2004)
    risk 0.00 | cvss | epss 0.01

    phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.

  • CVE-2003-1530 (Dec 31, 2003)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.

  • CVE-2003-1373 (Dec 31, 2003)
    risk 0.00 | cvss | epss 0.01

    Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

  • CVE-2003-1215 (Dec 29, 2003)
    risk 0.00 | cvss | epss 0.00

    SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.

  • CVE-2003-0486 (Aug 7, 2003)
    risk 0.00 | cvss | epss 0.02

    SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.

  • CVE-2003-0484 (Aug 7, 2003)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.

  • CVE-2002-1537 (Mar 31, 2003)
    risk 0.00 | cvss | epss 0.02

    admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modified form fields such as "u".

  • CVE-2002-1894 (Dec 31, 2002)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

  • CVE-2002-1707 (Dec 31, 2002)
    risk 0.00 | cvss | epss 0.01

    install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.

  • CVE-2002-2346 (Dec 31, 2002)
    risk 0.00 | cvss | epss 0.01

    phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.

  • CVE-2002-2255 (Dec 31, 2002)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.

  • CVE-2002-0475 (Aug 12, 2002)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

  • CVE-2002-0533 (Aug 12, 2002)
    risk 0.00 | cvss | epss 0.02

    phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

  • CVE-2002-0473 (Aug 12, 2002)
    risk 0.00 | cvss | epss 0.05

    db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

  • CVE-2001-1482 (Dec 31, 2001)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
