Page 12 of 63 results (0.008 seconds)

CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 2

SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. • https://www.exploit-db.com/exploits/137 http://marc.info/?l=bugtraq&m=106997132425576&w=2 http://marc.info/?l=bugtraq&m=107005608726609&w=2 http://marc.info/?l=bugtraq&m=107196735102970&w=2 http://www.phpbb.com/phpBB/viewtopic.php?t=153818 http://www.securityfocus.com/bid/9122 https://exchange.xforce.ibmcloud.com/vulnerabilities/13867 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. Vulnerabilidad de inyección de SQL en viewtopic.php de phpBB 2.0.5 y anteriores permite a atacantes remotos robar picadillos (hashes) de contraseñas mediante el parámetro topic_id. • https://www.exploit-db.com/exploits/44 http://marc.info/?l=bugtraq&m=105607263130644&w=2 http://www.phpbb.com/phpBB/viewtopic.php?t=112052 http://www.securityfocus.com/bid/7979 https://exchange.xforce.ibmcloud.com/vulnerabilities/12366 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u". admin_ug_auth.php en phpBB 2.0.0 permite a usuarios locales obtener privilegios de administración llamando directamente a admin_ug_auth.php con campos del formulario modificados tales como el ""u"". • http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html http://www.iss.net/security_center/static/10489.php http://www.osvdb.org/4284 http://www.securityfocus.com/bid/6056 •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. • https://www.exploit-db.com/exploits/21660 http://online.securityfocus.com/archive/1/284691 http://www.iss.net/security_center/static/9692.php http://www.securityfocus.com/bid/5342 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. • http://online.securityfocus.com/archive/1/277318 http://www.securityfocus.com/bid/5038 https://exchange.xforce.ibmcloud.com/vulnerabilities/9370 •