CVE-2006-5209 – phpBB Admin Topic Action Logging Mod 0.94b - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5209
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en admin/admin_tocpi_action_logging.php en Admin Topic Action Logging Mod 0.95 y anteriores, usado en phpBB 2.0 hasta 2.0.21, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2475 https://exchange.xforce.ibmcloud.com/vulnerabilities/29345 •
CVE-2006-5191 – phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion
https://notcve.org/view.php?id=CVE-2006-5191
PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en includes/functions_static_topics.php en the Nivisec Static Topics module para phpBB 1.0 y anteriores permite a un atacante remoto ejecutar código PHP de su elección mediante una URL en el parámetro phpbb_root_path. • https://www.exploit-db.com/exploits/2477 http://secunia.com/advisories/22269 http://www.nivisec.com/article.php?l=vi&ar=20 http://www.osvdb.org/29506 http://www.securityfocus.com/bid/20353 http://www.vupen.com/english/advisories/2006/3916 https://exchange.xforce.ibmcloud.com/vulnerabilities/29347 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-4758
https://notcve.org/view.php?id=CVE-2006-4758
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. phpBB 2.0.21 no maneja adecuadamente los nombres de ruta que finalicen en %00, lo cual permite a un usuario remoto administrador validado actualizar ficheros de su elección, según se puede ver a través de la consulta a admin/admin_board.php con el parámetro avatar_path terminado en .php%00. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388120 http://secunia.com/advisories/22188 http://secunia.com/advisories/28871 http://www.debian.org/security/2008/dsa-1488 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 http://www.security.nnov.ru/Odocument221.html http://www.securityfocus.com/archive/1/445788/100/0/threaded http://www.securityfocus.com/bid/20347 http://www.securityfocus.com/bid/21806 https://exchange.xforce.ibmcloud.com/vulnerabilities/28884 •
CVE-2006-4450 – phpBB 2.0.20 - Unauthorized HTTP Proxy
https://notcve.org/view.php?id=CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. usercp_avatar.php en PHPBB 2.0.20, cuando la subida de ficheros avatar está habilitada, permite a atacantes remotos usar el servidor como un proxy web enviando una URL al parámetro avatarurl, el cual es usado entonces en una petición HTTP GET. • https://www.exploit-db.com/exploits/27863 http://archives.neohapsis.com/archives/bugtraq/2006-05/0238.html http://secunia.com/advisories/20093 http://securityreason.com/securityalert/1470 http://www.securityfocus.com/bid/17965 https://exchange.xforce.ibmcloud.com/vulnerabilities/26537 •
CVE-2006-2865 – phpBB 2.0.x - 'template.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2865
PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod • https://www.exploit-db.com/exploits/27961 http://www.securityfocus.com/archive/1/435869/100/0/threaded http://www.securityfocus.com/archive/1/435978/100/0/threaded http://www.securityfocus.com/archive/1/435995/100/0/threaded http://www.securityfocus.com/archive/1/436118/100/0/threaded http://www.securityfocus.com/bid/18255 •