Vulnerabilities > Punbb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-23 | CVE-2006-0866 | Remote Security vulnerability in Punbb PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | 5.0 |
| 2006-02-23 | CVE-2006-0865 | Denial-Of-Service vulnerability in Punbb PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly. | 5.0 |
| 2005-12-31 | CVE-2005-4688 | Denial-Of-Service vulnerability in Punbb 1.2.9 PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | 5.0 |
| 2005-12-31 | CVE-2005-4687 | PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | 5.0 |
| 2005-12-31 | CVE-2005-4686 | Information Disclosure vulnerability in PunBB/BLOG:CMS PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. | 5.0 |
| 2005-12-31 | CVE-2005-4665 | HTML Injection vulnerability in PunBB BBCode URL Tag Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. network punbb | 4.3 |
| 2005-11-06 | CVE-2005-3518 | Unspecified vulnerability in Punbb 1.2.7/1.2.8 SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. | 7.5 |
| 2005-10-27 | CVE-2005-3328 | Unspecified vulnerability in Punbb PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | 7.5 |
| 2005-09-27 | CVE-2005-3079 | Remote Security vulnerability in Punbb PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | 4.6 |
| 2005-09-27 | CVE-2005-3078 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. network punbb | 4.3 |