Page 14 of 104 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. • http://marc.info/?l=bugtraq&m=111168190630576&w=2 http://secunia.com/advisories/14659 http://securitytracker.com/id?1013554 https://exchange.xforce.ibmcloud.com/vulnerabilities/19824 •

CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 2

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. • http://marc.info/?l=bugtraq&m=110996579900134&w=2 http://neosecurityteam.net/Advisories/Advisory-09.txt http://neosecurityteam.tk/index.php?pagina=advisories&id=9 http://securitytracker.com/id?1013377 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. • http://neosecurityteam.tk/index.php?pagina=advisories&id=8 http://secunia.com/advisories/14475 http://securitytracker.com/id?1013362 •

CVSS: 7.5EPSS: 4%CPEs: 29EXPL: 3

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. • https://www.exploit-db.com/exploits/897 https://www.exploit-db.com/exploits/871 https://www.exploit-db.com/exploits/889 http://marc.info/?l=bugtraq&m=110970201920206&w=2 http://marc.info/?l=bugtraq&m=110999268130739&w=2 http://secunia.com/advisories/14413 http://www.phpbb.com/phpBB/viewtopic.php?t=267563 •

CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 1

viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. • https://github.com/Parcer0/CVE-2005-0603-phpBB-2.0.12-Full-path-disclosure http://marc.info/?l=bugtraq&m=110943646112950&w=2 http://neossecurity.net/Advisories/Advisory-06.txt http://secunia.com/advisories/14413 http://www.phpbb.com/phpBB/viewtopic.php?t=267563 •