Vendor CVEs
PhpBB
All CVEs
356 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-44181 | 0.00 | — | 0.03 | Dec 20, 2021 | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF… |
| CVE-2021-44180 | 0.00 | — | 0.03 | Dec 20, 2021 | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF… |
| CVE-2021-44183 | 0.00 | — | 0.02 | Dec 20, 2021 | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user… |
| CVE-2021-44182 | 0.00 | — | 0.02 | Dec 20, 2021 | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user… |
| CVE-2021-43763 | 0.00 | — | 0.02 | Dec 20, 2021 | Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user… |
| CVE-2021-44179 | 0.00 | — | 0.03 | Dec 20, 2021 | Adobe Dimension versions 3.4.3 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this… |
| CVE-2021-28595 | 0.00 | — | 0.03 | Aug 20, 2021 | Adobe Dimension version 3.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user… |
| CVE-2020-8226 | 0.00 | — | 0.01 | Aug 17, 2020 | A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF. |
| CVE-2019-20377 | 0.00 | — | 0.01 | Jan 11, 2020 | TopList before 2019-09-03 allows XSS via a title. |
| CVE-2011-0544 | 0.00 | — | 0.01 | Nov 13, 2019 | phpBB 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. |
| CVE-2018-19202 | 0.00 | — | 0.01 | Apr 11, 2019 | A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter. |
| CVE-2018-19201 | 0.00 | — | 0.01 | Mar 29, 2019 | A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. |
| CVE-2015-1432 | 0.00 | — | 0.01 | Feb 10, 2015 | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors. |
| CVE-2015-1431 | 0.00 | — | 0.03 | Feb 10, 2015 | Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite." |
| CVE-2013-5724 | 0.00 | — | 0.00 | Sep 12, 2013 | Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. |
| CVE-2010-1630 | 0.00 | — | 0.01 | May 19, 2010 | Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." |
| CVE-2010-1627 | 0.00 | — | 0.01 | May 19, 2010 | feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum. |
| CVE-2008-7143 | 0.00 | — | 0.01 | Sep 1, 2009 | phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the… |
| CVE-2008-6507 | 0.00 | — | 0.01 | Mar 23, 2009 | Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum. |
| CVE-2008-6506 | 0.00 | — | 0.01 | Mar 23, 2009 | Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. |
| CVE-2008-4125 | 0.00 | — | 0.02 | Sep 18, 2008 | The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than… |
| CVE-2008-3224 | 0.00 | — | 0.01 | Jul 18, 2008 | Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()." |
| CVE-2008-1766 | 0.00 | — | 0.01 | Apr 12, 2008 | Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." |
| CVE-2008-1171 | 0.00 | — | 0.01 | Mar 5, 2008 | Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because… |
| CVE-2008-0471 | 0.00 | — | 0.01 | Jan 29, 2008 | Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. |
| CVE-2007-5100 | 0.00 | — | 0.02 | Sep 26, 2007 | Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php,… |
| CVE-2007-5033 | 0.00 | — | 0.01 | Sep 21, 2007 | Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. |
| CVE-2007-2858 | 0.00 | — | 0.01 | May 24, 2007 | SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. |
| CVE-2007-1964 | 0.00 | — | 0.01 | Apr 11, 2007 | member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password… |
| CVE-2007-1695 | 0.00 | — | 0.02 | Mar 27, 2007 | PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks… |
| CVE-2006-7174 | 0.00 | — | 0.02 | Mar 21, 2007 | PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235. |
| CVE-2006-7090 | 0.00 | — | 0.01 | Mar 2, 2007 | PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. |
| CVE-2006-7076 | 0.00 | — | 0.01 | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection. |
| CVE-2006-7077 | 0.00 | — | 0.01 | Mar 2, 2007 | SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the entry parameter. |
| CVE-2006-2219 | 0.00 | — | 0.01 | Feb 8, 2007 | phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to… |
| CVE-2006-2220 | 0.00 | — | 0.01 | Feb 8, 2007 | phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL… |
| CVE-2006-6840 | 0.00 | — | 0.02 | Dec 31, 2006 | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." |
| CVE-2006-6841 | 0.00 | — | 0.02 | Dec 31, 2006 | Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. |
| CVE-2006-6839 | 0.00 | — | 0.02 | Dec 31, 2006 | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." |
| CVE-2006-6508 | 0.00 | — | 0.01 | Dec 14, 2006 | Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2006-6459 | 0.00 | — | 0.01 | Dec 11, 2006 | Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action). |
| CVE-2006-5435 | 0.00 | — | 0.01 | Oct 20, 2006 | PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use |
| CVE-2006-5235 | 0.00 | — | 0.01 | Oct 11, 2006 | PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are… |
| CVE-2006-4972 | 0.00 | — | 0.01 | Sep 25, 2006 | Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. |
| CVE-2006-4971 | 0.00 | — | 0.01 | Sep 25, 2006 | MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. |
| CVE-2006-4893 | 0.00 | — | 0.03 | Sep 19, 2006 | PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780. |
| CVE-2006-4758 | 0.00 | — | 0.02 | Sep 13, 2006 | phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. |
| CVE-2006-4706 | 0.00 | — | 0.02 | Sep 12, 2006 | Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded… |
| CVE-2006-4707 | 0.00 | — | 0.02 | Sep 12, 2006 | Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). |
| CVE-2006-3953 | 0.00 | — | 0.01 | Aug 1, 2006 | Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. |