Vulnerabilities > Punbb > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-24 | CVE-2008-1484 | Permissions, Privileges, and Access Controls vulnerability in Punbb The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. | 3.5 |
2006-11-06 | CVE-2006-5738 | SQL-Injection vulnerability in Punbb Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | 2.1 |
2006-09-13 | CVE-2006-4759 | File-Upload vulnerability in Punbb 1.2.12 PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. | 3.6 |