CVE-2007-4653 – phpBB Links MOD 1.2.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-4653
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action. • https://www.exploit-db.com/exploits/4346 http://osvdb.org/38427 http://www.securityfocus.com/bid/25501 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6421 – phpBB 2.0.21 - 'privmsg.php' HTML Injection
https://notcve.org/view.php?id=CVE-2006-6421
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user. • https://www.exploit-db.com/exploits/29442 http://secunia.com/advisories/23283 http://securityreason.com/securityalert/2005 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 http://www.securityfocus.com/archive/1/453774/100/0/threaded http://www.securityfocus.com/archive/1/456579/100/0/threaded http://www.securityfocus.com/archive/1/456728/100/100/threaded http://www.securityfocus.com/archive/1/456784/100/100/threaded http://www.securityfocus.com/bid/21806 http:/
CVE-2006-5209 – phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5209
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/2475 https://exchange.xforce.ibmcloud.com/vulnerabilities/29345
CVE-2006-2865 – phpBB 2.0.x - 'template.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2865
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod. • https://www.exploit-db.com/exploits/27961 http://www.securityfocus.com/archive/1/435869/100/0/threaded http://www.securityfocus.com/archive/1/435978/100/0/threaded http://www.securityfocus.com/archive/1/435995/100/0/threaded http://www.securityfocus.com/archive/1/436118/100/0/threaded http://www.securityfocus.com/bid/18255
CVE-2006-2134 – Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2134
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for phpBB 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279