Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2005-07-06	CVE-2005-2161	Unspecified vulnerability in PHPbb Group PHPbb 2.0.16 Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. network phpbb-group	4.3
2005-05-02	CVE-2005-1290	Cross-Site Scripting vulnerability in phpBB Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. network phpbb-group	4.3
2005-05-02	CVE-2005-1116	Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. network phpbb-group	4.3
2005-05-02	CVE-2005-1115	Cross-Site Scripting vulnerability in PHPBB Photo Album Module Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. network phpbb-group smartor	4.3
2005-05-02	CVE-2005-0872	Unspecified vulnerability in PHPbb Group PHPbb 1.0.1 Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. network phpbb-group	4.3
2005-05-02	CVE-2005-0871	Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1 calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. network low complexity phpbb-group	5.0
2005-05-02	CVE-2005-0673	Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13 Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. network phpbb-group	4.3
2005-05-02	CVE-2005-0659	Information Disclosure vulnerability in phpBB phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. network low complexity phpbb-group	5.0
2005-03-14	CVE-2005-0259	Unspecified vulnerability in PHPbb Group PHPbb phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. network low complexity phpbb-group	6.4
2005-03-14	CVE-2005-0258	Unspecified vulnerability in PHPbb Group PHPbb Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. network low complexity phpbb-group	5.0