Page 13 of 65 results (0.006 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u". admin_ug_auth.php en phpBB 2.0.0 permite a usuarios locales obtener privilegios de administración llamando directamente a admin_ug_auth.php con campos del formulario modificados tales como el ""u"". • http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html http://www.iss.net/security_center/static/10489.php http://www.osvdb.org/4284 http://www.securityfocus.com/bid/6056 •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. • https://www.exploit-db.com/exploits/21660 http://online.securityfocus.com/archive/1/284691 http://www.iss.net/security_center/static/9692.php http://www.securityfocus.com/bid/5342 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code. • http://online.securityfocus.com/archive/1/277318 http://www.securityfocus.com/bid/5038 https://exchange.xforce.ibmcloud.com/vulnerabilities/9370 •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. • http://online.securityfocus.com/archive/1/294560 http://www.iss.net/security_center/static/10323.php http://www.securityfocus.com/bid/5923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 2

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. Vulnerabilidad de secuencias de comandos en sitios cruzados en phpBB 2.0.0 (phpBB) permite a atacantes remotos ejecutar Javascript como otros usuarios de phpBB incluyendo http:// y comillas dobles ("") en una etiquieta IMG, lo que evade la comprobación de seguridad de phpBB, termina el parámetro src de la etiqueta HTML IMG, e injecta la secuencia de comandos. • https://www.exploit-db.com/exploits/21486 http://online.securityfocus.com/archive/1/274273 http://www.iss.net/security_center/static/9178.php http://www.securityfocus.com/bid/4858 •