CVSS: 9.8EPSS: 2%CPEs: 29EXPL: 3CVE-2005-0614 – phpBB 2.0.12 - Change User Rights Authentication Bypass
https://notcve.org/view.php?id=CVE-2005-0614
03 Mar 2005 — sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. • https://www.exploit-db.com/exploits/897 •
CVSS: 5.3EPSS: 0%CPEs: 21EXPL: 1CVE-2005-0603
https://notcve.org/view.php?id=CVE-2005-0603
28 Feb 2005 — viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. • https://github.com/Parcer0/CVE-2005-0603-phpBB-2.0.12-Full-path-disclosure •
CVSS: 9.1EPSS: 0%CPEs: 21EXPL: 0CVE-2005-0258
https://notcve.org/view.php?id=CVE-2005-0258
22 Feb 2005 — Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. • http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml •
CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0CVE-2005-0259
https://notcve.org/view.php?id=CVE-2005-0259
22 Feb 2005 — phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. • http://secunia.com/advisories/14362 •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 1CVE-2004-2054
https://notcve.org/view.php?id=CVE-2004-2054
31 Dec 2004 — CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. • http://marc.info/?l=bugtraq&m=109034476122723&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2004-1809
https://notcve.org/view.php?id=CVE-2004-1809
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. • http://marc.info/?l=bugtraq&m=107920498205324&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 3CVE-2004-2350 – phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection
https://notcve.org/view.php?id=CVE-2004-2350
31 Dec 2004 — SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. • https://www.exploit-db.com/exploits/23821 •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 1CVE-2004-1535 – phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion
https://notcve.org/view.php?id=CVE-2004-1535
31 Dec 2004 — PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24751 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2004-2358
https://notcve.org/view.php?id=CVE-2004-2358
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter. • http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2004-2130 – phpBB 2.0.6 - 'privmsg.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2130
23 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. • https://www.exploit-db.com/exploits/23475 •