Page 10 of 65 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0

phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. • http://secunia.com/advisories/14362 http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities http://www.kb.cert.org/vuls/id/774686 http://www.phpbb.com/support/documents.php?mode=changelog •

CVSS: 5.0EPSS: 1%CPEs: 21EXPL: 0

Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. • http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities http://www.phpbb.com/support/documents.php?mode=changelog •

CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 1

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. • http://marc.info/?l=bugtraq&m=109034476122723&w=2 http://secunia.com/advisories/12114 http://www.securityfocus.com/bid/10753 https://exchange.xforce.ibmcloud.com/vulnerabilities/16759 •

CVSS: 7.5EPSS: 3%CPEs: 16EXPL: 1

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24751 http://marc.info/?l=bugtraq&m=110075903308817&w=2 http://marc.info/?l=bugtraq&m=110082153702843&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18151 •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. • http://marc.info/?l=bugtraq&m=107920498205324&w=2 http://secunia.com/advisories/11121 http://www.osvdb.org/4257 http://www.osvdb.org/4259 http://www.phpbb.com/support/documents.php?mode=changelog#206 http://www.securityfocus.com/bid/9865 http://www.securityfocus.com/bid/9866 https://exchange.xforce.ibmcloud.com/vulnerabilities/15464 •