Vulnerabilities > Punbb > Punbb > 1.1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-02 | CVE-2011-3371 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. | 4.3 |
2010-06-15 | CVE-2009-4894 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. | 4.3 |
2009-09-17 | CVE-2008-7241 | Cross-Site Request Forgery (CSRF) vulnerability in Punbb Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | 6.8 |
2008-12-11 | CVE-2008-5435 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject. | 4.3 |
2008-09-11 | CVE-2008-3968 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
2008-07-27 | CVE-2008-3336 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php. | 4.3 |
2008-07-27 | CVE-2008-3335 | Code Injection vulnerability in Punbb Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. | 10.0 |
2008-03-24 | CVE-2008-1485 | Cross-Site Scripting vulnerability in Punbb Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php. | 4.3 |
2008-03-24 | CVE-2008-1484 | Permissions, Privileges, and Access Controls vulnerability in Punbb The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. | 3.5 |
2006-11-06 | CVE-2006-5738 | SQL-Injection vulnerability in Punbb Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | 2.1 |