Vulnerabilities > Phpbb Group > Phpbb > 2.0.5

DATE CVE VULNERABILITY TITLE RISK
2006-12-10 CVE-2006-6421 Input Validation vulnerability in PHPBB
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
network
phpbb-group
6.0
2006-10-10 CVE-2006-5209 Remote Security vulnerability in phpBB
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network
low complexity
phpbb-group
7.5
2006-02-10 CVE-2006-0632 Remote Security vulnerability in phpBB
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
network
low complexity
phpbb-group
6.4
2006-02-06 CVE-2006-0438 Cross-Site Request Forgery vulnerability in phpBB
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php.
network
low complexity
phpbb-group
5.0
2006-01-27 CVE-2006-0450 Denial-Of-Service vulnerability in phpBB
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
network
low complexity
phpbb-group
5.0
2005-12-22 CVE-2005-3537 Multiple Unspecified vulnerability in PHPBB
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
network
low complexity
phpbb-group
5.0
2005-12-22 CVE-2005-3536 Multiple Unspecified vulnerability in PHPBB
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
network
low complexity
phpbb-group
7.5
2005-11-01 CVE-2005-3420 Unspecified vulnerability in PHPbb Group PHPbb
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
network
low complexity
phpbb-group
7.5
2005-11-01 CVE-2005-3419 Unspecified vulnerability in PHPbb Group PHPbb
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
network
low complexity
phpbb-group
7.5
2005-11-01 CVE-2005-3418 Unspecified vulnerability in PHPbb Group PHPbb
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
network
phpbb-group
4.3