
CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 3

Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.

• https://www.exploit-db.com/exploits/9315
• http://osvdb.org/56613
• http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt
• http://secunia.com/advisories/36020
• http://www.exploit-db.com/exploits/9315
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52138
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 4

Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.

• https://www.exploit-db.com/exploits/9055
• http://packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt
• http://packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt
• http://secunia.com/advisories/35654
• http://www.exploit-db.com/exploits/9055
• http://www.osvdb.org/55478
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51437
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 2

SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.

• https://www.exploit-db.com/exploits/9058
• http://www.exploit-db.com/exploits/9058
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.1 | EPSS: 2% | CPEs: 5 | EXPL: 2

Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) header_new_messages.php, (3) profile_send.php, and (4) viewtopic_PM-link.php in include/pms/.

• https://www.exploit-db.com/exploits/7159
• http://secunia.com/advisories/13201
• http://www.securityfocus.com/bid/32360
• http://www.vupen.com/english/advisories/2008/3214
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46718
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 42 | EXPL: 0

Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.

• http://osvdb.org/50680
• http://punbb.informer.com
• http://www.openwall.com/lists/oss-security/2008/12/09/3
• http://www.securityfocus.com/bid/32800
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')