
CVSS: 9.8 • EPSS: 8% • CPEs: 16 • EXPL: 2

02 May 2006 — PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Apr 2006 — Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. • http://secunia.com/advisories/20093 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2006 — Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. • http://securityreason.com/securityalert/769 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Apr 2006 — Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. • http://osvdb.org/ref/24/24353-phpbb.txt •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2006 — Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/ref/24/24353-phpbb.txt •

CVSS: 9.1 • EPSS: 1% • CPEs: 29 • EXPL: 1

10 Feb 2006 — The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. • http://secunia.com/advisories/18727 •

CVSS: 6.1 • EPSS: 0% • CPEs: 17 • EXPL: 1

06 Feb 2006 — Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html •

CVSS: 8.8 • EPSS: 3% • CPEs: 29 • EXPL: 1

06 Feb 2006 — Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html •

CVSS: 7.5 • EPSS: 1% • CPEs: 29 • EXPL: 2

27 Jan 2006 — phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. • https://github.com/Parcer0/CVE-2006-0450-phpBB-2.0.15-Multiple-DoS-Vulnerabilities •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Jan 2006 — Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. • http://securityreason.com/achievement_securityalert/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •