Page 8 of 47 results (0.001 seconds)

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. • http://secunia.com/advisories/17425 http://secunia.com/advisories/17433 http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt http://www.securityfocus.com/bid/15328 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. • https://www.exploit-db.com/exploits/26350 http://marc.info/?l=bugtraq&m=112939699128430&w=2 http://secunia.com/advisories/17227 http://securityreason.com/securityalert/87 http://www.kapda.ir/advisory-91.html http://www.osvdb.org/20018 http://www.punbb.org/changelogs/1.2.8_to_1.2.9.txt http://www.securityfocus.net/bid/15114 https://exchange.xforce.ibmcloud.com/vulnerabilities/22760 •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. • http://marc.info/?l=bugtraq&m=113017630505223&w=2 http://securityreason.com/securityalert/107 http://www.securityfocus.com/bid/15175 •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. • http://secunia.com/advisories/16908 http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt •

CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 0

PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. • http://secunia.com/advisories/16908 http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt •