VYPR

Vendor CVEs

PhpBB

All CVEs

356 total · sorted by risk
  • CVE-2002-1707Dec 31, 2002
    risk 0.00cvss epss 0.01

    install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.

  • CVE-2002-1894Dec 31, 2002
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

  • CVE-2002-0533Aug 12, 2002
    risk 0.00cvss epss 0.02

    phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

  • CVE-2002-0475Aug 12, 2002
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

  • CVE-2002-0473Aug 12, 2002
    risk 0.00cvss epss 0.05

    db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

  • CVE-2001-1482Dec 31, 2001
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.

Page 8 of 8