CVE-2005-1290
https://notcve.org/view.php?id=CVE-2005-1290
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. • http://marc.info/?l=bugtraq&m=111428283721756&w=2 http://neosecurityteam.net/Advisories/Advisory-14.txt •
CVE-2005-1115
https://notcve.org/view.php?id=CVE-2005-1115
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. • http://marc.info/?l=bugtraq&m=111343406309969&w=2 http://www.digitalparadox.org/advisories/phpbbp.txt http://www.securityfocus.com/bid/13157 http://www.securityfocus.com/bid/13158 •
CVE-2005-1114
https://notcve.org/view.php?id=CVE-2005-1114
Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. • http://marc.info/?l=bugtraq&m=111343406309969&w=2 http://www.digitalparadox.org/advisories/phpbbp.txt http://www.osvdb.org/15931 http://www.securityfocus.com/bid/13155 https://exchange.xforce.ibmcloud.com/vulnerabilities/20086 •
CVE-2005-1047
https://notcve.org/view.php?id=CVE-2005-1047
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. • http://marc.info/?l=bugtraq&m=111299353030534&w=2 http://securitytracker.com/id?1013671 http://www.defacers.com.mx/advisories/2.txt •
CVE-2005-0872 – Topic Calendar 1.0.1 - 'Calendar_Scheduler.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-0872
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. • https://www.exploit-db.com/exploits/25270 http://marc.info/?l=bugtraq&m=111168190630576&w=2 http://secunia.com/advisories/14659 http://securitytracker.com/id?1013554 https://exchange.xforce.ibmcloud.com/vulnerabilities/19821 •