- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2005-3310 Multiple interpretation errors allow remote authenticated users to inject arbitrary web script when remote avatars and avatar uploading are enabled.
- CVE-2005-3415 phpBB allows remote attackers to bypass protection mechanisms that deregister global variables that allows attackers to manipulate the behaviour of phpBB.
- CVE-2005-3416 phpBB allows remote attackers to bypass security checks when register_globals is enabled and the session_start function has not been called to handle a session.
- CVE-2005-3417 phpBB allows remote attackers to modify global variables and bypass security mechanisms.
- CVE-2005-3418 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web scripts.
- CVE-2005-3419 A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.
- CVE-2005-3420 phpBB allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter.
- CVE-2005-3536 Missing input sanitising of the topic type allows remote attackers to inject arbitrary SQL commands.
- CVE-2005-3537 Missing request validation permitted remote attackers to edit private messages of other users.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top