Vulnerabilities > Phpbb Group > Phpbb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-04 | CVE-2006-1603 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19 Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. network phpbb-group | 4.3 |
| 2006-02-10 | CVE-2006-0632 | Remote Security vulnerability in phpBB The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | 6.4 |
| 2006-02-06 | CVE-2006-0438 | Cross-Site Request Forgery vulnerability in phpBB Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | 5.0 |
| 2006-02-06 | CVE-2006-0437 | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. network phpbb-group | 4.3 |
| 2006-01-27 | CVE-2006-0450 | Denial-Of-Service vulnerability in phpBB phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | 5.0 |
| 2006-01-05 | CVE-2006-0063 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19 Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | 4.3 |
| 2005-12-22 | CVE-2005-3537 | Multiple Unspecified vulnerability in PHPBB A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | 5.0 |
| 2005-12-20 | CVE-2005-4358 | Remote Security vulnerability in PHPbb Group PHPbb 2.0.18 admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | 5.0 |
| 2005-11-24 | CVE-2005-3799 | Information Disclosure vulnerability in PHPbb Group PHPbb 2.0.18 phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. | 5.0 |
| 2005-11-01 | CVE-2005-3418 | Unspecified vulnerability in PHPbb Group PHPbb Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. network phpbb-group | 4.3 |