Page 8 of 103 results (0.010 seconds)

CVSS: 5.1EPSS: 6%CPEs: 16EXPL: 2

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. • https://www.exploit-db.com/exploits/1728 http://secunia.com/advisories/19892 http://www.securityfocus.com/bid/17763 http://www.vupen.com/english/advisories/2006/1585 https://exchange.xforce.ibmcloud.com/vulnerabilities/26279 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. • http://securityreason.com/securityalert/769 http://www.securityfocus.com/archive/1/431017/100/0/threaded http://www.securityfocus.com/bid/17573 https://exchange.xforce.ibmcloud.com/vulnerabilities/25888 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. • http://osvdb.org/ref/24/24353-phpbb.txt http://www.osvdb.org/24354 http://www.osvdb.org/24355 http://www.osvdb.org/24356 http://www.osvdb.org/24357 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/ref/24/24353-phpbb.txt http://secunia.com/advisories/19494 http://www.osvdb.org/24353 http://www.securityfocus.com/bid/17355 http://www.vupen.com/english/advisories/2006/1191 https://exchange.xforce.ibmcloud.com/vulnerabilities/25599 •

CVSS: 6.4EPSS: 1%CPEs: 29EXPL: 1

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. • http://secunia.com/advisories/18727 http://www.osvdb.org/22949 http://www.r-security.net/tutorials/view/readtutorial.php?id=4 http://www.securityfocus.com/archive/1/424074/100/0/threaded http://www.vupen.com/english/advisories/2006/0461 https://exchange.xforce.ibmcloud.com/vulnerabilities/24573 •