CVSS: 7.5EPSS: 6%CPEs: 29EXPL: 2CVE-2006-0450
https://notcve.org/view.php?id=CVE-2006-0450
27 Jan 2006 — phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. phpBB 2.0.19 y anteriores permiten a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante (1) el registro de muchos usuarios mediante profile.php o (2) el uso uso de search.php para buscar de cierta manera que confunde a la base de datos. • https://github.com/Parcer0/CVE-2006-0450-phpBB-2.0.15-Multiple-DoS-Vulnerabilities •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0063
https://notcve.org/view.php?id=CVE-2006-0063
05 Jan 2006 — Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en phpBB 2.0.19, cuando está habilitado "etiquetas HTML permitidas", permite a atacantes remotos inyectar 'scritp' web o HTML de su elección mediante una etiqu... • http://securityreason.com/achievement_securityalert/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0CVE-2005-3537
https://notcve.org/view.php?id=CVE-2005-3537
22 Dec 2005 — A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs. • http://secunia.com/advisories/18098 •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2005-3536
https://notcve.org/view.php?id=CVE-2005-3536
22 Dec 2005 — SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type. • http://secunia.com/advisories/18098 •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2005-4358
https://notcve.org/view.php?id=CVE-2005-4358
20 Dec 2005 — admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. • http://marc.info/?l=full-disclosure&m=113484567432679&w=2 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2005-4357
https://notcve.org/view.php?id=CVE-2005-4357
20 Dec 2005 — Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. • http://marc.info/?l=full-disclosure&m=113484567432679&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-3799
https://notcve.org/view.php?id=CVE-2005-3799
24 Nov 2005 — phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. phpBB 2.0.18 permite a atacantes remotos obtener información sensible mediante una consulta SQL grande, lo que genera un mensaje de error que revela la sintaxis SQL de la ruta de instalación completa. • http://marc.info/?l=bugtraq&m=113200740718682&w=2 •
CVSS: 6.1EPSS: 1%CPEs: 27EXPL: 0CVE-2005-3418
https://notcve.org/view.php?id=CVE-2005-3418
01 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. • http://marc.info/?l=bugtraq&m=113081113317600&w=2 •
CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 0CVE-2005-3420
https://notcve.org/view.php?id=CVE-2005-3420
01 Nov 2005 — usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. • http://marc.info/?l=bugtraq&m=113081113317600&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2005-3416
https://notcve.org/view.php?id=CVE-2005-3416
01 Nov 2005 — phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. • http://marc.info/?l=bugtraq&m=113081113317600&w=2 •