CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0673
https://notcve.org/view.php?id=CVE-2005-0673
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php. • http://neosecurityteam.tk/index.php?pagina=advisories&id=8 http://secunia.com/advisories/14475 http://securitytracker.com/id?1013362 •
CVSS: 7.5EPSS: 4%CPEs: 29EXPL: 3CVE-2005-0614 – phpBB 2.0.12 - Change User Rights Authentication Bypass
https://notcve.org/view.php?id=CVE-2005-0614
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. • https://www.exploit-db.com/exploits/897 https://www.exploit-db.com/exploits/871 https://www.exploit-db.com/exploits/889 http://marc.info/?l=bugtraq&m=110970201920206&w=2 http://marc.info/?l=bugtraq&m=110999268130739&w=2 http://secunia.com/advisories/14413 http://www.phpbb.com/phpBB/viewtopic.php?t=267563 •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 1CVE-2005-0603
https://notcve.org/view.php?id=CVE-2005-0603
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. • https://github.com/Parcer0/CVE-2005-0603-phpBB-2.0.12-Full-path-disclosure http://marc.info/?l=bugtraq&m=110943646112950&w=2 http://neossecurity.net/Advisories/Advisory-06.txt http://secunia.com/advisories/14413 http://www.phpbb.com/phpBB/viewtopic.php?t=267563 •
CVSS: 6.4EPSS: 0%CPEs: 21EXPL: 0CVE-2005-0259
https://notcve.org/view.php?id=CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. • http://secunia.com/advisories/14362 http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities http://www.kb.cert.org/vuls/id/774686 http://www.phpbb.com/support/documents.php?mode=changelog •
CVSS: 5.0EPSS: 1%CPEs: 21EXPL: 0CVE-2005-0258
https://notcve.org/view.php?id=CVE-2005-0258
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. • http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities http://www.phpbb.com/support/documents.php?mode=changelog •