Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Phpbb Group
Angry Yack Logo
Total 93 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3418 1 Phpbb Group 1 Phpbb 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
CVE-2004-0730 1 Phpbb Group 1 Phpbb 2025-04-03 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
CVE-2006-0437 1 Phpbb Group 1 Phpbb 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
CVE-2005-0258 1 Phpbb Group 1 Phpbb 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
CVE-2005-4358 1 Phpbb Group 1 Phpbb 2025-04-03 5.0 MEDIUM N/A
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
CVE-2006-4779 1 Phpbb Group 1 Vitrax Premodded Phpbb 2025-04-03 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2005-2161 1 Phpbb Group 1 Phpbb 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
CVE-2006-2152 1 Phpbb Group 1 Phpbb Advanced Guestbook 2025-04-03 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2002-1537 1 Phpbb Group 1 Phpbb 2025-04-03 10.0 HIGH N/A
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
CVE-2001-1472 1 Phpbb Group 1 Phpbb 2025-04-03 4.6 MEDIUM N/A
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
CVE-2005-0614 1 Phpbb Group 1 Phpbb 2025-04-03 7.5 HIGH N/A
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
CVE-2002-2176 1 Phpbb Group 1 Phpbb 2025-04-03 10.0 HIGH N/A
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.
CVE-2006-2360 1 Phpbb Group 1 Phpbb 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.