CVE-2008-0471
https://notcve.org/view.php?id=CVE-2008-0471
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589
• http://secunia.com/advisories/28630
• http://secunia.com/advisories/28871
• http://securityreason.com/securityalert/3585
• http://www.debian.org/security/2008/dsa-1488
• http://www.securityfocus.com/archive/1/487004/100/0/threaded
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2007-5688 – Multi-Forums - 'Directory.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2007-5688
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
• https://www.exploit-db.com/exploits/30712
• http://secunia.com/advisories/27406
• http://www.inj3ct-it.org/exploit/Multi_Host.txt
• http://www.securityfocus.com/archive/1/482838/100/0/threaded
• http://www.securityfocus.com/bid/26213
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37461
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2007-5173 – phpBB Mod OpenID 0.2.0 - 'BBStore.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5173
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
• https://www.exploit-db.com/exploits/4471
• http://osvdb.org/37419
• http://secunia.com/advisories/27001
• http://www.securityfocus.com/archive/1/481215/100/0/threaded
• http://www.securityfocus.com/bid/25867
• http://www.vupen.com/english/advisories/2007/3330
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36876
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2007-5100
https://notcve.org/view.php?id=CVE-2007-5100
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.
• http://osvdb.org/38723
• http://osvdb.org/38724
• http://osvdb.org/38725
• http://secunia.com/advisories/26888
• http://www.phpbb2.de/ftopic45218.html
• http://www.securityfocus.com/bid/25776
• http://www.vupen.com/english/advisories/2007/3247
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2007-5033
https://notcve.org/view.php?id=CVE-2007-5033
Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.
• http://osvdb.org/38884
• http://securityreason.com/securityalert/3158
• http://www.securityfocus.com/archive/1/480100/100/0/threaded
• http://www.securityfocus.com/bid/25750
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36707
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')