Vulnerabilities > Phpbb Group > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-22 | CVE-2005-3537 | Multiple Unspecified vulnerability in PHPBB A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. | 5.0 |
| 2005-12-20 | CVE-2005-4358 | Remote Security vulnerability in PHPbb Group PHPbb 2.0.18 admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | 5.0 |
| 2005-11-24 | CVE-2005-3799 | Information Disclosure vulnerability in PHPbb Group PHPbb 2.0.18 phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. | 5.0 |
| 2005-11-01 | CVE-2005-3418 | Unspecified vulnerability in PHPbb Group PHPbb Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. network phpbb-group | 4.3 |
| 2005-07-06 | CVE-2005-2161 | Unspecified vulnerability in PHPbb Group PHPbb 2.0.16 Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-1290 | Cross-Site Scripting vulnerability in phpBB Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-1235 | Information Disclosure vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | 5.0 |
| 2005-05-02 | CVE-2005-1234 | SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. | 5.0 |
| 2005-05-02 | CVE-2005-1116 | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. network phpbb-group | 4.3 |
| 2005-05-02 | CVE-2005-1115 | Cross-Site Scripting vulnerability in PHPBB Photo Album Module Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | 4.3 |