
CVE-2006-4779 – Vitrax Pre-modded 1.0.6-r3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4779
14 Sep 2006 — PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/2353 •

CVE-2006-4758 – Debian Linux Security Advisory 1488-1
https://notcve.org/view.php?id=CVE-2006-4758
13 Sep 2006 — phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120 •

CVE-2006-4450 – phpBB 2.0.20 - Unauthorized HTTP Proxy
https://notcve.org/view.php?id=CVE-2006-4450
30 Aug 2006 — usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. • https://www.exploit-db.com/exploits/27863 •

CVE-2006-3940 – phpBB-Auction 1.x - 'auction_room.php?ar' SQL Injection
https://notcve.org/view.php?id=CVE-2006-3940
31 Jul 2006 — Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. • https://www.exploit-db.com/exploits/28281 •

CVE-2006-2865 – phpBB 2.0.x - 'template.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2865
06 Jun 2006 — PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod. • https://www.exploit-db.com/exploits/27961 •

CVE-2006-2359 – phpBB Chart Mod 1.1 - 'charts.php?id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2359
15 May 2006 — Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. • https://www.exploit-db.com/exploits/27858 •

CVE-2006-2360 – phpBB Chart Mod 1.1 - 'charts.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2360
15 May 2006 — SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/27857 •

CVE-2006-2245 – Auction 1.3m - 'phpbb_root_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2245
09 May 2006 — PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2006-2219 – phpbb2020.txt
https://notcve.org/view.php?id=CVE-2006-2219
06 May 2006 — phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. • http://marc.info/?l=bugtraq&m=114695651425026&w=2 • CWE-20: Improper Input Validation •

CVE-2006-2150
https://notcve.org/view.php?id=CVE-2006-2150
03 May 2006 — PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. • http://www.osvdb.org/25294 •