Page 9 of 53 results (0.006 seconds)

CVSS: 5.0EPSS: 1%CPEs: 21EXPL: 0

Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. • http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities http://www.phpbb.com/support/documents.php?mode=changelog •

CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 1

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. • http://marc.info/?l=bugtraq&m=109034476122723&w=2 http://secunia.com/advisories/12114 http://www.securityfocus.com/bid/10753 https://exchange.xforce.ibmcloud.com/vulnerabilities/16759 •

CVSS: 7.5EPSS: 3%CPEs: 16EXPL: 1

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24751 http://marc.info/?l=bugtraq&m=110075903308817&w=2 http://marc.info/?l=bugtraq&m=110082153702843&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18151 •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. • http://marc.info/?l=bugtraq&m=107920498205324&w=2 http://secunia.com/advisories/11121 http://www.osvdb.org/4257 http://www.osvdb.org/4259 http://www.phpbb.com/support/documents.php?mode=changelog#206 http://www.securityfocus.com/bid/9865 http://www.securityfocus.com/bid/9866 https://exchange.xforce.ibmcloud.com/vulnerabilities/15464 •

CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 3

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter. • https://www.exploit-db.com/exploits/23821 http://www.securityfocus.com/archive/1/357442 http://www.securityfocus.com/bid/9883 https://exchange.xforce.ibmcloud.com/vulnerabilities/15475 •