CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2005-4687
https://notcve.org/view.php?id=CVE-2005-4687
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. • http://secunia.com/advisories/17425 http://secunia.com/advisories/17433 http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt http://www.securityfocus.com/bid/15326 •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2005-4665
https://notcve.org/view.php?id=CVE-2005-4665
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. • http://punbb.org/changelogs/1.2.6_to_1.2.7.txt http://secunia.com/advisories/16775 http://www.osvdb.org/19382 http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt http://www.securityfocus.com/archive/1/422088/100/0/threaded http://www.securityfocus.com/archive/1/422267/100/0/threaded http://www.securityfocus.com/bid/14808 http://www.vupen.com/english/advisories/2005/1708 https://exchange.xforce.ibmcloud.com/vulnerabilities/22234 •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2005-4686
https://notcve.org/view.php?id=CVE-2005-4686
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. • http://secunia.com/advisories/17425 http://secunia.com/advisories/17433 http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt http://www.securityfocus.com/bid/15328 •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2005-3078
https://notcve.org/view.php?id=CVE-2005-3078
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. • http://secunia.com/advisories/16908 http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt •
CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 0CVE-2005-3079
https://notcve.org/view.php?id=CVE-2005-3079
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. • http://secunia.com/advisories/16908 http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt •