PhpBB

All CVEs

356 total · sorted by risk
  • CVE-2021-44181 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.03

    Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF…

  • CVE-2021-44180 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.03

    Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF…

  • CVE-2021-44183 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.02

    Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user…

  • CVE-2021-44182 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.02

    Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user…

  • CVE-2021-43763 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.02

    Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user…

  • CVE-2021-44179 · Dec 20, 2021
    risk 0.00 · cvss · epss 0.03

    Adobe Dimension versions 3.4.3 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this…

  • CVE-2021-28595 · Aug 20, 2021
    risk 0.00 · cvss · epss 0.03

    Adobe Dimension version 3.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user…

  • CVE-2020-8226 · Aug 17, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF.

  • CVE-2019-20377 · Jan 11, 2020
    risk 0.00 · cvss · epss 0.01

    TopList before 2019-09-03 allows XSS via a title.

  • CVE-2011-0544 · Nov 13, 2019
    risk 0.00 · cvss · epss 0.01

    phpBB 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

  • CVE-2018-19202 · Apr 11, 2019
    risk 0.00 · cvss · epss 0.01

    A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.

  • CVE-2018-19201 · Mar 29, 2019
    risk 0.00 · cvss · epss 0.01

    A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.

  • CVE-2015-1432 · Feb 10, 2015
    risk 0.00 · cvss · epss 0.01

    The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.

  • CVE-2015-1431 · Feb 10, 2015
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."

  • CVE-2013-5724 · Sep 12, 2013
    risk 0.00 · cvss · epss 0.00

    Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.

  • CVE-2010-1630 · May 19, 2010
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."

  • CVE-2010-1627 · May 19, 2010
    risk 0.00 · cvss · epss 0.01

    feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.

  • CVE-2008-7143 · Sep 1, 2009
    risk 0.00 · cvss · epss 0.01

    phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the…

  • CVE-2008-6507 · Mar 23, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.

  • CVE-2008-6506 · Mar 23, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors.

  • CVE-2008-4125 · Sep 18, 2008
    risk 0.00 · cvss · epss 0.02

    The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than…

  • CVE-2008-3224 · Jul 18, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."

  • CVE-2008-1766 · Apr 12, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."

  • CVE-2008-1171 · Mar 5, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because…

  • CVE-2008-0471 · Jan 29, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.

  • CVE-2007-5100 · Sep 26, 2007
    risk 0.00 · cvss · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php,…

  • CVE-2007-5033 · Sep 21, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.

  • CVE-2007-2858 · May 24, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.

  • CVE-2007-1964 · Apr 11, 2007
    risk 0.00 · cvss · epss 0.01

    member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password…

  • CVE-2007-1695 · Mar 27, 2007
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks…

  • CVE-2006-7174 · Mar 21, 2007
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235.

  • CVE-2006-7090 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter.

  • CVE-2006-7076 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.

  • CVE-2006-7077 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the entry parameter.

  • CVE-2006-2219 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to…

  • CVE-2006-2220 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.01

    phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL…

  • CVE-2006-6840 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."

  • CVE-2006-6841 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.02

    Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.

  • CVE-2006-6839 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."

  • CVE-2006-6508 · Dec 14, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2006-6459 · Dec 11, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action).

  • CVE-2006-5435 · Oct 20, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use

  • CVE-2006-5235 · Oct 11, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2006-4972 · Sep 25, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.

  • CVE-2006-4971 · Sep 25, 2006
    risk 0.00 · cvss · epss 0.01

    MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.

  • CVE-2006-4893 · Sep 19, 2006
    risk 0.00 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.

  • CVE-2006-4758 · Sep 13, 2006
    risk 0.00 · cvss · epss 0.02

    phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.

  • CVE-2006-4706 · Sep 12, 2006
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded…

  • CVE-2006-4707 · Sep 12, 2006
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).

  • CVE-2006-3953 · Aug 1, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
