CVE-2004-1315 – PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
https://notcve.org/view.php?id=CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. • https://www.exploit-db.com/exploits/12510 https://www.exploit-db.com/exploits/647 https://www.exploit-db.com/exploits/16890 https://www.exploit-db.com/exploits/24274 http://marc.info/?l=bugtraq&m=110029415208724&w=2 http://marc.info/?l=bugtraq&m=110365752909029&w=2 http://marc.info/?t=110079440800004&r=1&w=2 http://secunia.com/advisories/13239 http://www.kb.cert.org/vuls/id/497400 http://www.phpbb.com/phpBB/viewtopic.php?t=240513 http://www. •
CVE-2003-1215
https://notcve.org/view.php?id=CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter. • http://marc.info/?l=bugtraq&m=107273069130885&w=2 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943 http://www.securityfocus.com/bid/9314 https://exchange.xforce.ibmcloud.com/vulnerabilities/14096 •
CVE-2003-1216 – phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
https://notcve.org/view.php?id=CVE-2003-1216
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. • https://www.exploit-db.com/exploits/137 http://marc.info/?l=bugtraq&m=106997132425576&w=2 http://marc.info/?l=bugtraq&m=107005608726609&w=2 http://marc.info/?l=bugtraq&m=107196735102970&w=2 http://www.phpbb.com/phpBB/viewtopic.php?t=153818 http://www.securityfocus.com/bid/9122 https://exchange.xforce.ibmcloud.com/vulnerabilities/13867 •
CVE-2003-0486 – phpBB 2.0.5 - SQL Injection Password Disclosure
https://notcve.org/view.php?id=CVE-2003-0486
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. Vulnerabilidad de inyección de SQL en viewtopic.php de phpBB 2.0.5 y anteriores permite a atacantes remotos robar picadillos (hashes) de contraseñas mediante el parámetro topic_id. • https://www.exploit-db.com/exploits/44 http://marc.info/?l=bugtraq&m=105607263130644&w=2 http://www.phpbb.com/phpBB/viewtopic.php?t=112052 http://www.securityfocus.com/bid/7979 https://exchange.xforce.ibmcloud.com/vulnerabilities/12366 •
CVE-2002-0533
https://notcve.org/view.php?id=CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0005.html http://marc.info/?l=bugtraq&m=101794993119738&w=2 http://online.securityfocus.com/archive/1/265798 http://www.iss.net/security_center/static/8764.php http://www.securityfocus.com/bid/4432 http://www.securityfocus.com/bid/4434 •