CVE-2006-5191 – phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion
https://notcve.org/view.php?id=CVE-2006-5191
PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en includes/functions_static_topics.php en the Nivisec Static Topics module para phpBB 1.0 y anteriores permite a un atacante remoto ejecutar código PHP de su elección mediante una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2477 http://secunia.com/advisories/22269 http://www.nivisec.com/article.php?l=vi&ar=20 http://www.osvdb.org/29506 http://www.securityfocus.com/bid/20353 http://www.vupen.com/english/advisories/2006/3916 https://exchange.xforce.ibmcloud.com/vulnerabilities/29347 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-4758
https://notcve.org/view.php?id=CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. phpBB 2.0.21 no maneja adecuadamente los nombres de ruta que finalicen en %00, lo cual permite a un usuario remoto administrador validado actualizar ficheros de su elección, según se puede ver a través de la consulta a admin/admin_board.php con el parámetro avatar_path terminado en .php%00. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120 http://secunia.com/advisories/22188 http://secunia.com/advisories/28871 http://www.debian.org/security/2008/dsa-1488 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 http://www.security.nnov.ru/Odocument221.html http://www.securityfocus.com/archive/1/445788/100/0/threaded http://www.securityfocus.com/bid/20347 http://www.securityfocus.com/bid/21806 https://exchange.xforce.ibmcloud.com/vulnerabilities/28884 •
CVE-2006-4450 – phpBB 2.0.20 - Unauthorized HTTP Proxy
https://notcve.org/view.php?id=CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. usercp_avatar.php en PHPBB 2.0.20, cuando la subida de ficheros avatar está habilitada, permite a atacantes remotos usar el servidor como un proxy web enviando una URL al parámetro avatarurl, el cual es usado entonces en una petición HTTP GET. • https://www.exploit-db.com/exploits/27863 http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html http://secunia.com/advisories/20093 http://securityreason.com/securityalert/1470 http://www.securityfocus.com/bid/17965 https://exchange.xforce.ibmcloud.com/vulnerabilities/26537 •
CVE-2006-2865 – phpBB 2.0.x - 'template.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2865
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod • https://www.exploit-db.com/exploits/27961 http://www.securityfocus.com/archive/1/435869/100/0/threaded http://www.securityfocus.com/archive/1/435978/100/0/threaded http://www.securityfocus.com/archive/1/435995/100/0/threaded http://www.securityfocus.com/archive/1/436118/100/0/threaded http://www.securityfocus.com/bid/18255 •
CVE-2006-2220
https://notcve.org/view.php?id=CVE-2006-2220
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. phpBB 2.0.20 no verifica apropiadamente variables de entrada especificadas por el usuarios usadas como límite para las consultas SQL, lo cual permite a atacantes remotos obtener información confidencial mediante una especificación de límite negativa, como se demuestra en el parámetro start en memberlist.php, que revela la consulta SQL en un mensaje de error resultante. • http://marc.info/?l=bugtraq&m=114695651425026&w=2 http://marc.info/?l=bugtraq&m=114731067321710&w=2 http://marc.info/?l=full-disclosure&m=114685931319903&w=2 http://securityreason.com/securityalert/837 https://exchange.xforce.ibmcloud.com/vulnerabilities/26306 • CWE-20: Improper Input Validation •