Page 4 of 151 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite." Vulnerabilidad de XSS en includes/startup.php en phpBB anterior a 3.0.13 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores relacionados con 'la sobrescritura de rutas relativas.' • http://seclists.org/oss-sec/2015/q1/373 http://www.securityfocus.com/bid/72405 https://exchange.xforce.ibmcloud.com/vulnerabilities/100670 https://github.com/phpbb/phpbb/commit/eaeb88133f1f028fa06f0ebe5639668436fd469e https://github.com/phpbb/phpbb/pull/3316 https://security.gentoo.org/glsa/201701-25 https://tracker.phpbb.com/browse/PHPBB3-13531 https://wiki.phpbb.com/Release_Highlights/3.0.13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum. feed.php en phpBB v3.0.7 anterior a v3.0.7-PL1 no comprueba correctamente los permisos para feeds, lo que permite a usuarios remotos saltarse las restricciones de acceso a través de vectores de ataque no especificados, relacionados con las configuraciones de permisos en un foro privado. • http://www.openwall.com/lists/oss-security/2010/05/16/1 http://www.openwall.com/lists/oss-security/2010/05/18/6 http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." Vulnerabilidad no especificada en posting.php de phpBB anterior a v3.0.5 tiene un impacto y vectores de ataque desconocidos relacionados con el uso de un "forum id" en circunstancias relacionadas con un "global announcement". • http://github.com/phpbb/phpbb3/commit/4ea3402f9363c9259881bc8ea6ce7fc6cb212657 http://www.openwall.com/lists/oss-security/2010/05/16/1 http://www.openwall.com/lists/oss-security/2010/05/18/12 http://www.openwall.com/lists/oss-security/2010/05/19/5 http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445 •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 5

SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php. Vulnerabilidad de inyección SQL en root/includes/prime_quick_style.php en el complemento Prime Quick Style anterior a v1.2.3 para phpBB v3 permite a usuarios autenticados remotamente ejecutar comandos SQL de su elección a través del parámetro prime_quick_style en ucp.php. • https://www.exploit-db.com/exploits/9569 http://secunia.com/advisories/36532 http://www.absoluteanime.com/forum/mods/Prime%20Quick%20Style/install.xml http://www.exploit-db.com/exploits/9569 http://www.phpbb.com/community/viewtopic.php?f=70&t=692625&start=150#p10649315 http://www.securityfocus.com/bid/36214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator closes a thread, which allows remote attackers to hijack the session via a post in the thread containing a URL to a remotely hosted image, which might include the session ID in the Referer header. phpBB v2.0.23 incluye la el ID de sesión en una petición a modcp.php cuando el moderador o administrador cierra un hilo, lo que permite a atacantes remotos secuestrar la sesión a través de un envío en el hilo conteniendo una URL a una imagen hospedada remotamente, que permite incluir el ID de sesión en la cabercera Referer. • http://osvdb.org/51121 http://www.securityfocus.com/archive/1/489815/100/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •