Vulnerabilities > Phpbb Group

DATE CVE VULNERABILITY TITLE RISK
2006-04-20 CVE-2006-1896 Code Injection vulnerability in PHPbb Group PHPbb
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. 		6.0
6.0
2006-04-20 CVE-2006-1895 Unspecified vulnerability in PHPbb Group PHPbb 2.0.9
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
network
low complexity
phpbb-group
6.5
6.5
2006-04-13 CVE-2006-1775 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php.
network
phpbb-group
4.3
4.3
2006-04-04 CVE-2006-1603 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter.
network
phpbb-group
4.3
4.3
2006-02-10 CVE-2006-0632 Remote Security vulnerability in phpBB
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
network
low complexity
phpbb-group
6.4
6.4
2006-02-06 CVE-2006-0438 Cross-Site Request Forgery vulnerability in phpBB
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.
network
low complexity
phpbb-group
5.0
5.0
2006-02-06 CVE-2006-0437 Cross-Site Scripting vulnerability in phpBB
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
network
phpbb-group
4.3
4.3
2006-01-27 CVE-2006-0450 Denial-Of-Service vulnerability in phpBB
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
network
low complexity
phpbb-group
5.0
5.0
2006-01-05 CVE-2006-0063 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. 		4.3
4.3
2005-12-22 CVE-2005-3537 Multiple Unspecified vulnerability in PHPBB
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
network
low complexity
phpbb-group
5.0
5.0