Vulnerabilities > Phpbb Group > Phpbb > 2.0.18
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-31 | CVE-2006-6841 | Input Validation vulnerability in PHPBB Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | 10.0 |
2006-12-31 | CVE-2006-6840 | Input Validation vulnerability in PHPBB Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | 10.0 |
2006-12-31 | CVE-2006-6839 | Input Validation vulnerability in PHPBB Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | 10.0 |
2006-12-10 | CVE-2006-6421 | Input Validation vulnerability in PHPBB Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user. network phpbb-group | 6.0 |
2006-10-10 | CVE-2006-5209 | Remote Security vulnerability in phpBB PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-02-10 | CVE-2006-0632 | Remote Security vulnerability in phpBB The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | 6.4 |
2006-02-06 | CVE-2006-0438 | Cross-Site Request Forgery vulnerability in phpBB Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | 5.0 |
2006-02-06 | CVE-2006-0437 | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. network phpbb-group | 4.3 |
2006-01-27 | CVE-2006-0450 | Denial-Of-Service vulnerability in phpBB phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | 5.0 |
2005-12-20 | CVE-2005-4358 | Remote Security vulnerability in PHPbb Group PHPbb 2.0.18 admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | 5.0 |