CVE-2005-0259
https://notcve.org/view.php?id=CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. • http://secunia.com/advisories/14362 http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities http://www.kb.cert.org/vuls/id/774686 http://www.phpbb.com/support/documents.php?mode=changelog •
CVE-2004-2054
https://notcve.org/view.php?id=CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. • http://marc.info/?l=bugtraq&m=109034476122723&w=2 http://secunia.com/advisories/12114 http://www.securityfocus.com/bid/10753 https://exchange.xforce.ibmcloud.com/vulnerabilities/16759 •
CVE-2004-1809
https://notcve.org/view.php?id=CVE-2004-1809
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. • http://marc.info/?l=bugtraq&m=107920498205324&w=2 http://secunia.com/advisories/11121 http://www.osvdb.org/4257 http://www.osvdb.org/4259 http://www.phpbb.com/support/documents.php?mode=changelog#206 http://www.securityfocus.com/bid/9865 http://www.securityfocus.com/bid/9866 https://exchange.xforce.ibmcloud.com/vulnerabilities/15464 •
CVE-2004-2358
https://notcve.org/view.php?id=CVE-2004-2358
Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter. • http://archives.neohapsis.com/archives/bugtraq/2004-03/0219.html http://www.securityfocus.com/bid/9896 https://exchange.xforce.ibmcloud.com/vulnerabilities/15579 •
CVE-2004-2350 – phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection
https://notcve.org/view.php?id=CVE-2004-2350
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. • https://www.exploit-db.com/exploits/23821 http://www.securityfocus.com/archive/1/357442 http://www.securityfocus.com/bid/9883 https://exchange.xforce.ibmcloud.com/vulnerabilities/15475 •