Vulnerabilities > Punbb

DATE CVE VULNERABILITY TITLE RISK
2011-10-02 CVE-2011-3371 Cross-Site Scripting vulnerability in Punbb
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
network
punbb CWE-79
4.3
2010-06-15 CVE-2009-4894 Cross-Site Scripting vulnerability in Punbb
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
network
punbb CWE-79
4.3
2010-01-28 CVE-2010-0455 Cross-Site Scripting vulnerability in Punbb 1.3
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
network
punbb CWE-79
4.3
2009-09-17 CVE-2008-7241 Cross-Site Request Forgery (CSRF) vulnerability in Punbb
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
network
punbb CWE-352
6.8
2009-08-17 CVE-2009-2787 Path Traversal vulnerability in Reputation 2.0.4/2.2.3
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..
6.8
2009-08-17 CVE-2009-2786 SQL Injection vulnerability in Reputation 2.0.4/2.2.3
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.
network
low complexity
punbb reputation CWE-89
7.5
2009-07-02 CVE-2009-2308 SQL Injection vulnerability in Punres Affiliates MOD 1.0.0
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.
network
low complexity
punbb punres CWE-89
7.5
2009-07-01 CVE-2009-2276 SQL Injection vulnerability in Biglle Vote for US Extension 1.0
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.
network
low complexity
punbb biglle CWE-89
7.5
2009-02-27 CVE-2008-6308 Path Traversal vulnerability in Punbb Private Messaging System 1.2.0/1.2.1/1.2.2
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a ..
network
high complexity
punbb CWE-22
5.1
2008-12-11 CVE-2008-5435 Cross-Site Scripting vulnerability in Punbb
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
network
punbb CWE-79
4.3