
CVSS: 10.0 | EPSS: 1% | CPEs: 34 | EXPL: 0

Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. • http://punbb.informer.com http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt http://punbb.informer.com/forums/topic/19539/punbb-1219 http://secunia.com/advisories/31219 http://www.securityfocus.com/bid/30395 https://exchange.xforce.ibmcloud.com/vulnerabilities/44010 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 3.5 | EPSS: 1% | CPEs: 31 | EXPL: 1

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737. • https://www.exploit-db.com/exploits/5165 http://osvdb.org/45561 http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt http://punbb.org/forums/viewtopic.php?id=18460 http://secunia.com/advisories/29043 http://sektioneins.de/advisories/SE-2008-01.txt http://www.securityfocus.com/archive/1/488408/100/200/threaded http://www.securityfocus.com/bid/27908 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 31 | EXPL: 0

Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php. • http://osvdb.org/45561 http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt http://secunia.com/advisories/29043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. • http://osvdb.org/42809 http://secunia.com/advisories/28138 http://www.fortconsult.net/images/pdf/advisories/punBB_imgUpload.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/39150 • CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php. • http://dev.punbb.org/changeset/934 http://dev.punbb.org/changeset/938 http://secunia.com/advisories/24843 http://securityreason.com/securityalert/2613 http://www.acid-root.new.fr/advisories/13070411.txt http://www.securityfocus.com/archive/1/465338/100/100/threaded http://www.securityfocus.com/archive/1/465400/100/100/threaded http://www.vupen.com/english/advisories/2007/1362