Vulnerabilities (CVE)

Filtered by vendor Punbb Subscribe
Filtered by product Punbb
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2234 1 Punbb 1 Punbb 2024-11-21 7.5 HIGH N/A
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
CVE-2006-5738 1 Punbb 1 Punbb 2024-11-21 2.1 LOW N/A
Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5737 1 Punbb 1 Punbb 2024-11-21 7.2 HIGH N/A
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
CVE-2006-5736 1 Punbb 1 Punbb 2024-11-21 5.1 MEDIUM N/A
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.
CVE-2006-5735 1 Punbb 1 Punbb 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table.
CVE-2006-4759 1 Punbb 1 Punbb 2024-11-21 3.6 LOW N/A
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVE-2006-2724 1 Punbb 1 Punbb 2024-11-21 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
CVE-2006-2227 1 Punbb 1 Punbb 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
CVE-2006-1090 1 Punbb 1 Punbb 2024-11-21 7.8 HIGH N/A
register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations.
CVE-2006-1089 1 Punbb 1 Punbb 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
CVE-2006-0866 1 Punbb 1 Punbb 2024-11-21 5.0 MEDIUM N/A
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.
CVE-2006-0865 1 Punbb 1 Punbb 2024-11-21 5.0 MEDIUM N/A
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVE-2005-4688 1 Punbb 1 Punbb 2024-11-21 5.0 MEDIUM N/A
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
CVE-2005-4687 2 F-art Agency, Punbb 2 Blog Cms, Punbb 2024-11-21 5.0 MEDIUM N/A
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVE-2005-4686 1 Punbb 1 Punbb 2024-11-21 5.0 MEDIUM N/A
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
CVE-2005-4665 1 Punbb 1 Punbb 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.
CVE-2005-3518 1 Punbb 1 Punbb 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter.
CVE-2005-3328 1 Punbb 1 Punbb 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
CVE-2005-3079 1 Punbb 1 Punbb 2024-11-21 4.6 MEDIUM N/A
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection.
CVE-2005-3078 1 Punbb 1 Punbb 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.