CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 3CVE-2011-3371
https://notcve.org/view.php?id=CVE-2011-3371
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php. Varias vulnerabilidades de cross-site scripting (XSS) en include / functions.php en PunBB antes de v1.3.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, o (10) enviar parámetro a edit.php, la (11) acción, (12) form_sent, (13) csrf_token, (14) req_email, o (15) parámetro request_pass a login.php, el (16) correo electrónico, (17) form_sent, (18) REDIRECT_URL, (19) csrf_token, (20) req_subject, (21) req_message, o (22) enviar parámetro a misc.php, la acción (23), (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1 , (29) de actualización req_new_password2, o (30) parámetro para profile.php, o la acción (31), (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) zona horaria, o (39) registro de parámetros para register.php. • http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities http://punbb.informer.com/forums/topic/24430/punbb-136 http://securitytracker.com/id?1026073 http://www.openwall.com/lists/oss-security/2011/09/18/1 http://www.openwall.com/lists/oss-security/2011/09/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2009-4894
https://notcve.org/view.php?id=CVE-2009-4894
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail. Múltiples secuencias de comandos en sitios cruzados (XSS) en profile.php en PunBB antes de v1.3.4 permite a atacantes remotos inyectar HTML o scripts web a través de (1) la contraseña o (2) el e-mail. • http://punbb.informer.com/forums/topic/21669/punbb-134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-0455
https://notcve.org/view.php?id=CVE-2010-0455
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en forum/viewtopic.php en PunBB v1.3 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "id". • http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt http://www.securityfocus.com/bid/37930 https://exchange.xforce.ibmcloud.com/vulnerabilities/55853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2008-7241
https://notcve.org/view.php?id=CVE-2008-7241
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en PunBB anterior a v1.2.17, permite a atacantes remotos secuestrar la autenticación de usuarios sin especificar para peticiones relacionadas con el cierre de sesión. Probablemente relacionado con el cierre forzoso de sesión. • http://osvdb.org/48685 http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2009-2786 – PunBB Reputation.php Mod 2.0.4 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2786
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. Vulnerabilidad de inyección SQL en reputation.php en el plugin Reputation v2.2.4, v2.2.3, v2.0.4, y anteriores para PunBB, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro poster. • https://www.exploit-db.com/exploits/9289 http://osvdb.org/56612 http://secunia.com/advisories/36020 http://www.exploit-db.com/exploits/9289 https://exchange.xforce.ibmcloud.com/vulnerabilities/52088 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •