CVE-2006-7148 – maluinfo 206.2.38 - 'bb_usage_stats.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-7148
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893. Vulnerabilidad de inclusión remota de archivo en PHP en el includes/bb_usage_stats.php del maluinfo 206.2.38 para el Brazilian PHPBB permite a atacantes remotos ejecutar código PHP de su elección a través del parámetro phpbb_root_path. NOTA: puede ser la misma vulnerabilidad que la CVE-2006-4893. • https://www.exploit-db.com/exploits/2537 http://securityreason.com/securityalert/2380 http://www.securityfocus.com/archive/1/448639/100/0/threaded http://www.securityfocus.com/bid/20507 https://exchange.xforce.ibmcloud.com/vulnerabilities/29516 •
CVE-2006-7100 – phpBB Insert User Mod 0.1.2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-7100
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en includes/functions_mod_user.php en phpBB Insert User 0.1.2 y anteriores permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2525 http://securityreason.com/securityalert/2331 http://www.securityfocus.com/archive/1/448542/100/0/threaded http://www.securityfocus.com/bid/20493 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-7090
https://notcve.org/view.php?id=CVE-2006-7090
PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en phpbb_security.php de phpBBSecurity 1.0.1 y anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro php_root_path. • http://securityreason.com/securityalert/2327 http://www.securityfocus.com/archive/1/448607 http://www.securityfocus.com/bid/20518 https://exchange.xforce.ibmcloud.com/vulnerabilities/29573 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-7076
https://notcve.org/view.php?id=CVE-2006-7076
Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en guestbook.php de Advanced Guestbook 2.4 para phpBB permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro entry. NOTA: esta vulnerabilidad podría ser resultado de una inyección SQL. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html http://secunia.com/advisories/19905 http://securityreason.com/securityalert/2323 http://www.majorsecurity.de/advisory/major_rls25.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/27907 •
CVE-2006-7077
https://notcve.org/view.php?id=CVE-2006-7077
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. Vulnerabilidad de inyección SQL en guestbook.php en Advanced Guestbook 2.4 para phpBB permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro entry. • http://archives.neohapsis.com/archives/bugtraq/2006-07/0381.html http://secunia.com/advisories/19905 http://securityreason.com/securityalert/2323 http://www.majorsecurity.de/advisory/major_rls25.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/27908 •