Filtered by vendor Phpbb Group
Subscribe
Search
Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1315 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | |||||
| CVE-2001-1471 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.6 MEDIUM | N/A |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | |||||
| CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
| CVE-2002-1707 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-0486 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | |||||
| CVE-2003-1215 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. | |||||
| CVE-2003-1216 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. | |||||
| CVE-2005-3799 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. | |||||
| CVE-2005-3417 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | |||||
| CVE-2005-3418 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. | |||||
| CVE-2005-3416 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. | |||||
| CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | |||||
| CVE-2005-3419 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. | |||||
| CVE-2005-2161 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. | |||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2005-1290 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. | |||||
| CVE-2005-1115 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | |||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | |||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
| CVE-2005-1047 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. | |||||
| CVE-2005-0614 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | |||||
| CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. | |||||
| CVE-2005-0659 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. | |||||
| CVE-2003-0484 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. | |||||
| CVE-2002-0533 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. | |||||
| CVE-2002-0473 | 1 Phpbb Group | 1 Phpbb | 2016-09-17 | 10.0 HIGH | N/A |
| db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | |||||
| CVE-2006-0063 | 1 Phpbb Group | 1 Phpbb | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | |||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 6.4 MEDIUM | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | |||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | |||||
| CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | |||||
| CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | |||||
| CVE-2006-1775 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. | |||||
| CVE-2005-3536 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. | |||||
| CVE-2005-3537 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | |||||
| CVE-2005-1235 | 1 Phpbb Group | 1 Phpbb-auction | 2008-09-05 | 5.0 MEDIUM | N/A |
| auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | |||||
| CVE-2005-0673 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. | |||||
| CVE-2003-1244 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | |||||
| CVE-2002-2176 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | |||||
| CVE-2002-1894 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2002-1537 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u". | |||||
| CVE-2002-0902 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. | |||||
| CVE-2002-0475 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | |||||