Vulnerabilities > Punbb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-02 | CVE-2011-3371 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. | 4.3 |
| 2010-06-15 | CVE-2009-4894 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. | 4.3 |
| 2010-01-28 | CVE-2010-0455 | Cross-Site Scripting vulnerability in Punbb 1.3 Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter. | 4.3 |
| 2009-09-17 | CVE-2008-7241 | Cross-Site Request Forgery (CSRF) vulnerability in Punbb Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | 6.8 |
| 2009-08-17 | CVE-2009-2787 | Path Traversal vulnerability in Reputation 2.0.4/2.2.3 Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2009-08-17 | CVE-2009-2786 | SQL Injection vulnerability in Reputation 2.0.4/2.2.3 SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | 7.5 |
| 2009-07-02 | CVE-2009-2308 | SQL Injection vulnerability in Punres Affiliates MOD 1.0.0 Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter. | 7.5 |
| 2009-07-01 | CVE-2009-2276 | SQL Injection vulnerability in Biglle Vote for US Extension 1.0 SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter. | 7.5 |
| 2009-02-27 | CVE-2008-6308 | Path Traversal vulnerability in Punbb Private Messaging System 1.2.0/1.2.1/1.2.2 Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. | 5.1 |
| 2008-12-11 | CVE-2008-5435 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | 4.3 |