Page 6 of 39 results (0.007 seconds)

CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0

PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. • http://secunia.com/advisories/17425 http://secunia.com/advisories/17433 http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt http://www.securityfocus.com/bid/15326 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. • http://punbb.org/changelogs/1.2.6_to_1.2.7.txt http://secunia.com/advisories/16775 http://www.osvdb.org/19382 http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt http://www.securityfocus.com/archive/1/422088/100/0/threaded http://www.securityfocus.com/archive/1/422267/100/0/threaded http://www.securityfocus.com/bid/14808 http://www.vupen.com/english/advisories/2005/1708 https://exchange.xforce.ibmcloud.com/vulnerabilities/22234 •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. • http://secunia.com/advisories/17425 http://secunia.com/advisories/17433 http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt http://www.securityfocus.com/bid/15328 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. • https://www.exploit-db.com/exploits/26350 http://marc.info/?l=bugtraq&m=112939699128430&w=2 http://secunia.com/advisories/17227 http://securityreason.com/securityalert/87 http://www.kapda.ir/advisory-91.html http://www.osvdb.org/20018 http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt http://www.securityfocus.net/bid/15114 https://exchange.xforce.ibmcloud.com/vulnerabilities/22760 •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. • http://marc.info/?l=bugtraq&m=113017630505223&w=2 http://securityreason.com/securityalert/107 http://www.securityfocus.com/bid/15175 •