Vulnerabilities > Punbb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-04-25 | CVE-2007-2234 | SQL-Injection vulnerability in Punbb: include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. | 7.5 |
2006-11-06 | CVE-2006-5738 | SQL-Injection vulnerability in Punbb: Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | 2.1 |
2006-11-06 | CVE-2006-5737 | Cross-Site Request Forgery vulnerability in Punbb 1.2.14: PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | 7.2 |
2006-11-06 | CVE-2006-5736 | SQL-Injection vulnerability in Punbb: SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | 5.1 |
2006-11-06 | CVE-2006-5735 | File-Upload vulnerability in Punbb: Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. | 7.5 |
2006-09-13 | CVE-2006-4759 | File-Upload vulnerability in Punbb 1.2.12: PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. | 3.6 |
2006-06-01 | CVE-2006-2724 | Cross-Site Scripting vulnerability in Punbb 1.2.11: Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. | 6.8 |
2006-05-05 | CVE-2006-2227 | Input Validation vulnerability in Punbb 1.2.11: Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized. | 4.3 |
2006-03-09 | CVE-2006-1090 | Denial-Of-Service vulnerability in Punbb 1.2.10: register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. | 7.8 |
2006-03-09 | CVE-2006-1089 | Cross-Site Scripting vulnerability in PunBB: Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | 4.3 |