Vulnerabilities > Phpbb Group > Medium

DATE CVE VULNERABILITY TITLE RISK
2005-05-02 CVE-2005-1113 Cross-Site Scripting vulnerability in PHPbb Group PHPbb Plus 1.3/1.51
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php.
network
phpbb-group
4.3
4.3
2005-05-02 CVE-2005-0872 Unspecified vulnerability in PHPbb Group PHPbb 1.0.1
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.
network
phpbb-group
4.3
4.3
2005-05-02 CVE-2005-0871 Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
network
low complexity
phpbb-group
5.0
5.0
2005-05-02 CVE-2005-0673 Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
network
phpbb-group
4.3
4.3
2005-05-02 CVE-2005-0659 Information Disclosure vulnerability in phpBB
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
network
low complexity
phpbb-group
5.0
5.0
2005-03-14 CVE-2005-0259 Unspecified vulnerability in PHPbb Group PHPbb
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
network
low complexity
phpbb-group
6.4
6.4
2005-03-14 CVE-2005-0258 Unspecified vulnerability in PHPbb Group PHPbb
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
network
low complexity
phpbb-group
5.0
5.0
2004-12-31 CVE-2004-2358 Multiple vulnerability in PhpBB admin_words.php
Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.
network
phpbb-group
4.3
4.3
2004-12-31 CVE-2004-2054 HTTP Response Splitting vulnerability in PHPBB
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.
network
low complexity
phpbb-group
5.0
5.0
2004-12-31 CVE-2004-1809 Cross-Site Scripting vulnerability in PHPBB
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
network
phpbb-group
4.3
4.3