CVSS: 6.1 • EPSS: 0% • CPEs: 27 • EXPL: 0

01 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. • http://marc.info/?l=bugtraq&m=113081113317600&w=2

CVSS: 9.8 • EPSS: 0% • CPEs: 27 • EXPL: 0

01 Nov 2005 — SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. • http://marc.info/?l=bugtraq&m=113081113317600&w=2

CVSS: 7.5 • EPSS: 0% • CPEs: 27 • EXPL: 0

01 Nov 2005 — phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. • http://marc.info/?l=bugtraq&m=113081113317600&w=2

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Oct 2005 — Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and th... • http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0479.html

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Jul 2005 — Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. • http://marc.info/?l=bugtraq&m=112059951605939&w=2

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 2

30 Jun 2005 — PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. • https://www.exploit-db.com/exploits/16890

CVSS: 9.8 • EPSS: 26% • CPEs: 24 • EXPL: 1

16 May 2005 — The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. • https://www.exploit-db.com/exploits/25628

CVSS: 6.1 • EPSS: 0% • CPEs: 16 • EXPL: 1

26 Apr 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. • http://marc.info/?l=bugtraq&m=111428283721756&w=2

CVSS: 9.8 • EPSS: 2% • CPEs: 2 • EXPL: 7

24 Apr 2005 — Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. • http://secunia.com/advisories/15029

CVSS: 5.3 • EPSS: 1% • CPEs: 2 • EXPL: 3

24 Apr 2005 — auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. • http://secunia.com/advisories/15029