Filtered by vendor Phpbb Group
Subscriptions
Total
93 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-2152 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | ||||
CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | ||||
CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | ||||
CVE-2006-2134 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
CVE-2006-1896 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. | ||||
CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | ||||
CVE-2006-1603 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2006-0632 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | ||||
CVE-2006-0437 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | ||||
CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | ||||
CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | ||||
CVE-2006-0063 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | ||||
CVE-2007-1695 | 1 Phpbb Group | 1 Phpbb | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly |