Filtered by vendor Punbb
Total: 47 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-2234 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. | ||||
CVE-2006-5738 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2006-5737 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | ||||
CVE-2006-5736 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | ||||
CVE-2006-5735 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table. | ||||
CVE-2006-4759 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | ||||
CVE-2006-2724 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. | ||||
CVE-2006-2227 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized. | ||||
CVE-2006-1090 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. | ||||
CVE-2006-1089 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | ||||
CVE-2006-0866 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | ||||
CVE-2006-0865 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly. | ||||
CVE-2005-4688 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | ||||
CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2024-11-21 | N/A |
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | ||||
CVE-2005-4686 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. | ||||
CVE-2005-4665 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. | ||||
CVE-2005-3518 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. | ||||
CVE-2005-3328 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | ||||
CVE-2005-3079 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | ||||
CVE-2005-3078 | 1 Punbb | 1 Punbb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. |