CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2234
https://notcve.org/view.php?id=CVE-2007-2234
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. include/common.php en PunBB 1.2.14 y anteriores no maneja adecuadamente una función deshabilitada ini_get cuando valida la configuración register_globals, lo cual permite a atacantes remotos registrar parámetros globales, como se demostró con el ataque de inyección SQL en el parámetro search_id en search.php. • http://dev.punbb.org/changeset/933 http://securityreason.com/securityalert/2613 http://www.acid-root.new.fr/advisories/13070411.txt http://www.securityfocus.com/archive/1/465338/100/100/threaded http://www.securityfocus.com/archive/1/465400/100/100/threaded •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-2236
https://notcve.org/view.php?id=CVE-2007-2236
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file. footer.php de PunBB 1.2.14 y versiones anteriores permite a atacantes remotos incluir ficheros locales en include/user/ mediante un ataque de secuencias de comandos en sitios cruzados (XSS), ó mediante la etiqueta pun_include, como se demuestra al usar admin_options.php para ejecutar código PHP de un fichero avatar promocionado. • http://dev.punbb.org/changeset/937 http://secunia.com/advisories/24843 http://securityreason.com/securityalert/2613 http://www.acid-root.new.fr/advisories/13070411.txt http://www.securityfocus.com/archive/1/465338/100/100/threaded http://www.securityfocus.com/archive/1/465400/100/100/threaded http://www.vupen.com/english/advisories/2007/1362 •
CVSS: 5.1EPSS: 1%CPEs: 29EXPL: 2CVE-2006-5736
https://notcve.org/view.php?id=CVE-2006-5736
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. Vulnerabilidad de inyección SQL en search.php en PunBB anetrior a 1.2.14, cuando la instalación de PHP es vulnerable a CVE-2006-3017, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro array result_list, que no se inicializa. • http://securityreason.com/securityalert/1824 http://securitytracker.com/id?1017131 http://www.osvdb.org/30133 http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt http://www.securityfocus.com/archive/1/450055/100/0/threaded http://www.vupen.com/english/advisories/2006/4256 http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5737
https://notcve.org/view.php?id=CVE-2006-5737
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. PunBB usa un valor cookie_seed predecible que puede ser derivado del tiempo de registro de la cuenta superadmin (tiempo de instalación), lo cual puede permitir a usuarios locales realizar acciones no autorizadas. • http://securitytracker.com/id?1017131 http://www.osvdb.org/30134 http://www.securityfocus.com/archive/1/450055/100/0/threaded http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities •
CVSS: 2.1EPSS: 0%CPEs: 29EXPL: 0CVE-2006-5738
https://notcve.org/view.php?id=CVE-2006-5738
Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en PunBB anetrior a 1.2.14 permiten a adminstradores autenticados remotamente ejecutar comandos SQL de su elección a través de vectores no especificados. • http://forums.punbb.org/viewtopic.php?id=13496 http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt •