
CVE-2006-4450 – phpBB 2.0.20 - Unauthorized HTTP Proxy
https://notcve.org/view.php?id=CVE-2006-4450
30 Aug 2006 — usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. • https://www.exploit-db.com/exploits/27863 •

CVE-2006-2865 – phpBB 2.0.x - 'template.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2865
06 Jun 2006 — PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod • https://www.exploit-db.com/exploits/27961 •

CVE-2006-2219 – phpbb2020.txt
https://notcve.org/view.php?id=CVE-2006-2219
06 May 2006 — phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. • http://marc.info/?l=bugtraq&m=114695651425026&w=2 • CWE-20: Improper Input Validation •

CVE-2006-2220 – phpbb2020.txt
https://notcve.org/view.php?id=CVE-2006-2220
06 May 2006 — phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. • http://marc.info/?l=bugtraq&m=114695651425026&w=2 • CWE-20: Improper Input Validation •

CVE-2006-2134 – Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2134
02 May 2006 — PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 •

CVE-2006-0632
https://notcve.org/view.php?id=CVE-2006-0632
10 Feb 2006 — The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. • http://secunia.com/advisories/18727 •

CVE-2006-0438
https://notcve.org/view.php?id=CVE-2006-0438
06 Feb 2006 — Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html •

CVE-2006-0450
https://notcve.org/view.php?id=CVE-2006-0450
27 Jan 2006 — phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. • https://github.com/Parcer0/CVE-2006-0450-phpBB-2.0.15-Multiple-DoS-Vulnerabilities •

CVE-2005-3537
https://notcve.org/view.php?id=CVE-2005-3537
22 Dec 2005 — A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. • http://secunia.com/advisories/18098 •

CVE-2005-3536
https://notcve.org/view.php?id=CVE-2005-3536
22 Dec 2005 — SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. • http://secunia.com/advisories/18098 •