CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 1CVE-2005-1290
https://notcve.org/view.php?id=CVE-2005-1290
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. • http://marc.info/?l=bugtraq&m=111428283721756&w=2 http://neosecurityteam.net/Advisories/Advisory-14.txt •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 2CVE-2005-1115
https://notcve.org/view.php?id=CVE-2005-1115
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. • http://marc.info/?l=bugtraq&m=111343406309969&w=2 http://www.digitalparadox.org/advisories/phpbbp.txt http://www.securityfocus.com/bid/13157 http://www.securityfocus.com/bid/13158 •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2005-1114
https://notcve.org/view.php?id=CVE-2005-1114
Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. • http://marc.info/?l=bugtraq&m=111343406309969&w=2 http://www.digitalparadox.org/advisories/phpbbp.txt http://www.osvdb.org/15931 http://www.securityfocus.com/bid/13155 https://exchange.xforce.ibmcloud.com/vulnerabilities/20086 •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2005-1047
https://notcve.org/view.php?id=CVE-2005-1047
Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. • http://marc.info/?l=bugtraq&m=111299353030534&w=2 http://securitytracker.com/id?1013671 http://www.defacers.com.mx/advisories/2.txt •
CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 2CVE-2005-0659
https://notcve.org/view.php?id=CVE-2005-0659
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. • http://marc.info/?l=bugtraq&m=110996579900134&w=2 http://neosecurityteam.net/Advisories/Advisory-09.txt http://neosecurityteam.tk/index.php?pagina=advisories&id=9 http://securitytracker.com/id?1013377 •