CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2005-3419
https://notcve.org/view.php?id=CVE-2005-3419
01 Nov 2005 — SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. • http://marc.info/?l=bugtraq&m=113081113317600&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2005-3417
https://notcve.org/view.php?id=CVE-2005-3417
01 Nov 2005 — phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. • http://marc.info/?l=bugtraq&m=113081113317600&w=2 •
CVSS: 9.8EPSS: 27%CPEs: 24EXPL: 1CVE-2005-1193 – phpBB 2.0.x - 'BBCode.php' URL Tag
https://notcve.org/view.php?id=CVE-2005-1193
16 May 2005 — The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. • https://www.exploit-db.com/exploits/25628 •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0CVE-2005-1047
https://notcve.org/view.php?id=CVE-2005-1047
07 Apr 2005 — Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. • http://marc.info/?l=bugtraq&m=111299353030534&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 2CVE-2005-0659
https://notcve.org/view.php?id=CVE-2005-0659
07 Mar 2005 — phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. • http://marc.info/?l=bugtraq&m=110996579900134&w=2 •
CVSS: 9.8EPSS: 4%CPEs: 29EXPL: 3CVE-2005-0614 – phpBB 2.0.12 - Change User Rights Authentication Bypass
https://notcve.org/view.php?id=CVE-2005-0614
03 Mar 2005 — sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. • https://www.exploit-db.com/exploits/897 •
CVSS: 5.3EPSS: 4%CPEs: 21EXPL: 1CVE-2005-0603
https://notcve.org/view.php?id=CVE-2005-0603
28 Feb 2005 — viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. • https://github.com/Parcer0/CVE-2005-0603-phpBB-2.0.12-Full-path-disclosure •
CVSS: 9.1EPSS: 0%CPEs: 21EXPL: 0CVE-2005-0258 – Gentoo Linux Security Advisory 200503-2
https://notcve.org/view.php?id=CVE-2005-0258
22 Feb 2005 — Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the Enable remote avatars and Enable avatar uploading op... • http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml •
CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0CVE-2005-0259 – Gentoo Linux Security Advisory 200503-2
https://notcve.org/view.php?id=CVE-2005-0259
22 Feb 2005 — phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the Enable remote avatars and Enable avatar uploadi... • http://secunia.com/advisories/14362 •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2004-1809
https://notcve.org/view.php?id=CVE-2004-1809
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. • http://marc.info/?l=bugtraq&m=107920498205324&w=2 •