Vulnerabilities > Phpbb Group

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-1114 Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.
network
low complexity
phpbb-group smartor
7.5
7.5
2005-05-02 CVE-2005-1113 Cross-Site Scripting vulnerability in PHPbb Group PHPbb Plus 1.3/1.51
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php.
network
phpbb-group
4.3
4.3
2005-05-02 CVE-2005-0872 Unspecified vulnerability in PHPbb Group PHPbb 1.0.1
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.
network
phpbb-group
4.3
4.3
2005-05-02 CVE-2005-0871 Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
network
low complexity
phpbb-group
5.0
5.0
2005-05-02 CVE-2005-0673 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
network
phpbb-group
4.3
4.3
2005-05-02 CVE-2005-0659 Information Disclosure vulnerability in phpBB
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
network
low complexity
phpbb-group
5.0
5.0
2005-05-02 CVE-2005-0614 Remote Security vulnerability in phpBB
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
network
low complexity
phpbb-group
7.5
7.5
2005-03-14 CVE-2005-0259 Unspecified vulnerability in PHPbb Group PHPbb
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
network
low complexity
phpbb-group
6.4
6.4
2005-03-14 CVE-2005-0258 Unspecified vulnerability in PHPbb Group PHPbb
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
network
low complexity
phpbb-group
5.0
5.0
2004-12-31 CVE-2004-2358 Multiple vulnerability in PhpBB admin_words.php
Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
phpbb-group
4.3
4.3