
41 vulnerabilities by punbb

CVE-2011-3371 (GCVE-0-2011-3371)

Vulnerability from cvelistv5 – Published: 2011-10-02 20:00 – Updated: 2024-09-17 01:11
Summary
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110916 PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
          },
          {
            "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
          },
          {
            "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
          },
          {
            "name": "1026073",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1026073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
          },
          {
            "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
          },
          {
            "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-02T20:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20110916 PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
        },
        {
          "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
        },
        {
          "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
        },
        {
          "name": "1026073",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1026073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
        },
        {
          "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
        },
        {
          "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110916 PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
            },
            {
              "name": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip",
              "refsource": "CONFIRM",
              "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
            },
            {
              "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
            },
            {
              "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
            },
            {
              "name": "1026073",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1026073"
            },
            {
              "name": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d",
              "refsource": "CONFIRM",
              "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
            },
            {
              "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/24430/punbb-136/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
            },
            {
              "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3371",
    "datePublished": "2011-10-02T20:00:00.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:11:33.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4894 (GCVE-0-2009-4894)

Vulnerability from cvelistv5 – Published: 2010-06-15 01:00 – Updated: 2024-09-16 19:25
Summary
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:26.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-15T01:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-4894",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/forums/topic/21669/punbb-134/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4894",
    "datePublished": "2010-06-15T01:00:00.000Z",
    "dateReserved": "2010-06-14T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:25:06.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0455 (GCVE-0-2010-0455)

Vulnerability from cvelistv5 – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
Summary
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2010-01-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
          },
          {
            "name": "37930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37930"
          },
          {
            "name": "punbb-viewtopic-xss(55853)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
        },
        {
          "name": "37930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37930"
        },
        {
          "name": "punbb-viewtopic-xss(55853)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt",
              "refsource": "MISC",
              "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
            },
            {
              "name": "37930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37930"
            },
            {
              "name": "punbb-viewtopic-xss(55853)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0455",
    "datePublished": "2010-01-28T20:00:00.000Z",
    "dateReserved": "2010-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:52:19.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-7241 (GCVE-0-2008-7241)

Vulnerability from cvelistv5 – Published: 2009-09-17 18:00 – Updated: 2024-09-17 03:42
Summary
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/48685 vdb-entry, x_refsource_OSVDB
http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48685",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/48685"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-17T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "48685",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/48685"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48685",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/48685"
            },
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7241",
    "datePublished": "2009-09-17T18:00:00.000Z",
    "dateReserved": "2009-09-17T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:42:58.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5435 (GCVE-0-2008-5435)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/32800 vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2008/12/09/3 mailing-list, x_refsource_MLIST
http://punbb.informer.com/ x_refsource_CONFIRM
http://osvdb.org/50680 vdb-entry, x_refsource_OSVDB
Date Public ?
2008-11-26 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32800",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32800"
          },
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "50680",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50680"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-12-20T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32800",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32800"
        },
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "50680",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50680"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32800",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32800"
            },
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "50680",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50680"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5435",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5433 (GCVE-0-2008-5433)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
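Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
Note: the record's structured `affected` data lists vendor, product and version as "n/a", so the affected product and versions are stated only in this description; tooling that matches on the structured fields alone will not associate this record with PunBB.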
Severity: No CVSS data available.
CWE: n/a
Assigner: mitre
References: see the `references` arrays in the JSON record below.
Date Public: 2008-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "33059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-06T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "33059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "33059",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33059"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5433",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5434 (GCVE-0-2008-5434)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
Severity: No CVSS data available.
CWE: n/a
Assigner: mitre
Date Public: 2008-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:45.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "33059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33059"
          },
          {
            "name": "punbb-users-sql-injection(47185)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "33059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33059"
        },
        {
          "name": "punbb-users-sql-injection(47185)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "33059",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33059"
            },
            {
              "name": "punbb-users-sql-injection(47185)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5434",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:45.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3968 (GCVE-0-2008-3968)

Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
Summary
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Severity: No CVSS data available.
CWE: n/a
Assigner: mitre
Date Public: 2008-08-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "punbb-userlist-xss(45046)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
          },
          {
            "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
          },
          {
            "name": "31082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
          },
          {
            "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "punbb-userlist-xss(45046)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
        },
        {
          "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
        },
        {
          "name": "31082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
        },
        {
          "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "punbb-userlist-xss(45046)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
            },
            {
              "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
            },
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
            },
            {
              "name": "31082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31082"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
            },
            {
              "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3968",
    "datePublished": "2008-09-10T15:00:00.000Z",
    "dateReserved": "2008-09-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:00:42.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3335 (GCVE-0-2008-3335)

Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
Severity: No CVSS data available.
CWE: n/a
Assigner: mitre
References: see the `references` arrays in the JSON record below.
Date Public: 2008-07-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:25.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
          },
          {
            "name": "30395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30395"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
          },
          {
            "name": "punbb-smtp-command-execution(44010)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
          },
          {
            "name": "31219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31219"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
        },
        {
          "name": "30395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30395"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
        },
        {
          "name": "punbb-smtp-command-execution(44010)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
        },
        {
          "name": "31219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
            },
            {
              "name": "30395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30395"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
            },
            {
              "name": "punbb-smtp-command-execution(44010)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
            },
            {
              "name": "31219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3335",
    "datePublished": "2008-07-27T23:00:00.000Z",
    "dateReserved": "2008-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:25.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3336 (GCVE-0-2008-3336)

Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-07-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
          },
          {
            "name": "30396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30396"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
          },
          {
            "name": "31219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31219"
          },
          {
            "name": "punbb-parser-moderate-xss(44009)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
        },
        {
          "name": "30396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30396"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
        },
        {
          "name": "31219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31219"
        },
        {
          "name": "punbb-parser-moderate-xss(44009)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
            },
            {
              "name": "30396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30396"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
            },
            {
              "name": "31219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31219"
            },
            {
              "name": "punbb-parser-moderate-xss(44009)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3336",
    "datePublished": "2008-07-27T23:00:00.000Z",
    "dateReserved": "2008-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:26.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1485 (GCVE-0-2008-1485)

Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/29043 third-party-advisory x_refsource_SECUNIA
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt x_refsource_CONFIRM
http://osvdb.org/45561 vdb-entry x_refsource_OSVDB
Date Public ?
2008-02-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
          },
          {
            "name": "45561",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45561"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-01T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
        },
        {
          "name": "45561",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45561"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29043"
            },
            {
              "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
            },
            {
              "name": "45561",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45561"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1485",
    "datePublished": "2008-03-24T23:00:00.000Z",
    "dateReserved": "2008-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1484 (GCVE-0-2008-1484)

Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-02-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/forums/viewtopic.php?id=18460"
          },
          {
            "name": "29043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29043"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
          },
          {
            "name": "45561",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45561"
          },
          {
            "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
          },
          {
            "name": "5165",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5165"
          },
          {
            "name": "27908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27908"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/forums/viewtopic.php?id=18460"
        },
        {
          "name": "29043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29043"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
        },
        {
          "name": "45561",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45561"
        },
        {
          "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
        },
        {
          "name": "5165",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5165"
        },
        {
          "name": "27908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27908"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.org/forums/viewtopic.php?id=18460",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/forums/viewtopic.php?id=18460"
            },
            {
              "name": "29043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29043"
            },
            {
              "name": "http://sektioneins.de/advisories/SE-2008-01.txt",
              "refsource": "MISC",
              "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
            },
            {
              "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
            },
            {
              "name": "45561",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45561"
            },
            {
              "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
            },
            {
              "name": "5165",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5165"
            },
            {
              "name": "27908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27908"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1484",
    "datePublished": "2008-03-24T23:00:00.000Z",
    "dateReserved": "2008-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2234 (GCVE-0-2007-2234)

Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://dev.punbb.org/changeset/933",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/933"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2234",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:28.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2235 (GCVE-0-2007-2235)

Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/465338/100/100/threaded mailing-list x_refsource_BUGTRAQ
http://dev.punbb.org/changeset/938 x_refsource_CONFIRM
http://dev.punbb.org/changeset/934 x_refsource_CONFIRM
http://www.acid-root.new.fr/advisories/13070411.txt x_refsource_MISC
http://secunia.com/advisories/24843 third-party-advisory x_refsource_SECUNIA
http://securityreason.com/securityalert/2613 third-party-advisory x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1362 vdb-entry x_refsource_VUPEN
http://www.securityfocus.com/archive/1/465400/100/100/threaded mailing-list x_refsource_BUGTRAQ
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/938"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/934"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "24843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24843"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "ADV-2007-1362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1362"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/938"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/934"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "24843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24843"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "ADV-2007-1362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1362"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://dev.punbb.org/changeset/938",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/938"
            },
            {
              "name": "http://dev.punbb.org/changeset/934",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/934"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "24843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24843"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "ADV-2007-1362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1362"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2235",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:27.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2236 (GCVE-0-2007-2236)

Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://dev.punbb.org/changeset/937 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/465338/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://www.acid-root.new.fr/advisories/13070411.txt x_refsource_MISC
http://secunia.com/advisories/24843 third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2613 third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1362 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/465400/100/100/threaded mailing-list, x_refsource_BUGTRAQ
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/937"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "24843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24843"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "ADV-2007-1362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1362"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/937"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "24843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24843"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "ADV-2007-1362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1362"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dev.punbb.org/changeset/937",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/937"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "24843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24843"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "ADV-2007-1362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1362"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2236",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:27.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5736 (GCVE-0-2006-5736)

Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
Summary
SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2006-10-30 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017131"
          },
          {
            "name": "1824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1824"
          },
          {
            "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
          },
          {
            "name": "ADV-2006-4256",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4256"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
          },
          {
            "name": "30133",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017131"
        },
        {
          "name": "1824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1824"
        },
        {
          "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
        },
        {
          "name": "ADV-2006-4256",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4256"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
        },
        {
          "name": "30133",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017131",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017131"
            },
            {
              "name": "1824",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1824"
            },
            {
              "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
            },
            {
              "name": "ADV-2006-4256",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4256"
            },
            {
              "name": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
            },
            {
              "name": "30133",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/30133"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5736",
    "datePublished": "2006-11-06T18:00:00.000Z",
    "dateReserved": "2006-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T20:04:54.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5737 (GCVE-0-2006-5737)

Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
Summary
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2006-10-30 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017131"
          },
          {
            "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
          },
          {
            "name": "30134",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30134"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017131"
        },
        {
          "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
        },
        {
          "name": "30134",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30134"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017131",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017131"
            },
            {
              "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
            },
            {
              "name": "30134",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/30134"
            },
            {
              "name": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5737",
    "datePublished": "2006-11-06T18:00:00.000Z",
    "dateReserved": "2006-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T20:04:54.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5735 (GCVE-0-2006-5735)

Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
Summary
Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://securitytracker.com/id?1017131 vdb-entry, x_refsource_SECTRACK
http://securityreason.com/securityalert/1824 third-party-advisory, x_refsource_SREASON
http://www.osvdb.org/30132 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/450055/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2006/4256 vdb-entry, x_refsource_VUPEN
http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities x_refsource_MISC
http://secunia.com/advisories/22622 third-party-advisory, x_refsource_SECUNIA
http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt x_refsource_CONFIRM
Date Public ?
2006-10-30 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017131",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017131"
          },
          {
            "name": "1824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1824"
          },
          {
            "name": "30132",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30132"
          },
          {
            "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
          },
          {
            "name": "ADV-2006-4256",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4256"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
          },
          {
            "name": "22622",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22622"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017131",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017131"
        },
        {
          "name": "1824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1824"
        },
        {
          "name": "30132",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30132"
        },
        {
          "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
        },
        {
          "name": "ADV-2006-4256",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4256"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
        },
        {
          "name": "22622",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22622"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017131",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017131"
            },
            {
              "name": "1824",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1824"
            },
            {
              "name": "30132",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/30132"
            },
            {
              "name": "20061030 Punbb \u003c= 1.2.13 Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
            },
            {
              "name": "ADV-2006-4256",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4256"
            },
            {
              "name": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
              "refsource": "MISC",
              "url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
            },
            {
              "name": "22622",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22622"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5735",
    "datePublished": "2006-11-06T18:00:00.000Z",
    "dateReserved": "2006-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T20:04:54.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5738 (GCVE-0-2006-5738)

Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2025-04-03 15:23
Summary
Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.punbb.org/viewtopic.php?id=13496"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2006-5738",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T15:22:32.089535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-89",
                "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T15:23:43.371Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-11-06T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.punbb.org/viewtopic.php?id=13496"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.punbb.org/viewtopic.php?id=13496",
              "refsource": "CONFIRM",
              "url": "http://forums.punbb.org/viewtopic.php?id=13496"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5738",
    "datePublished": "2006-11-06T18:00:00.000Z",
    "dateReserved": "2006-11-06T00:00:00.000Z",
    "dateUpdated": "2025-04-03T15:23:43.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4759 (GCVE-0-2006-4759)

Vulnerability from cvelistv5 – Published: 2006-09-13 23:00 – Updated: 2024-08-07 19:23
Summary
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2006-09-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.009Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.punbb.org/viewtopic.php?id=13255"
          },
          {
            "name": "20060919 Dispute - CVE-2006-4759 - PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-September/001041.html"
          },
          {
            "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
          },
          {
            "name": "20060926 PunBB - more",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-September/001055.html"
          },
          {
            "name": "20060919 Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446420/100/0/threaded"
          },
          {
            "name": "20060925 PunBB - more",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2006-September/001052.html"
          },
          {
            "name": "phpbb-nullbyte-file-upload(28884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security.nnov.ru/Odocument221.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.punbb.org/viewtopic.php?id=13255"
        },
        {
          "name": "20060919 Dispute - CVE-2006-4759 - PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-September/001041.html"
        },
        {
          "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
        },
        {
          "name": "20060926 PunBB - more",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-September/001055.html"
        },
        {
          "name": "20060919 Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446420/100/0/threaded"
        },
        {
          "name": "20060925 PunBB - more",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2006-September/001052.html"
        },
        {
          "name": "phpbb-nullbyte-file-upload(28884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security.nnov.ru/Odocument221.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4759",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.punbb.org/viewtopic.php?id=13255",
              "refsource": "CONFIRM",
              "url": "http://forums.punbb.org/viewtopic.php?id=13255"
            },
            {
              "name": "20060919 Dispute - CVE-2006-4759 - PunBB",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-September/001041.html"
            },
            {
              "name": "20060911 ShAnKaR: multiple PHP application poison NULL byte vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/445788/100/0/threaded"
            },
            {
              "name": "20060926 PunBB - more",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-September/001055.html"
            },
            {
              "name": "20060919 Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446420/100/0/threaded"
            },
            {
              "name": "20060925 PunBB - more",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2006-September/001052.html"
            },
            {
              "name": "phpbb-nullbyte-file-upload(28884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28884"
            },
            {
              "name": "http://www.security.nnov.ru/Odocument221.html",
              "refsource": "MISC",
              "url": "http://www.security.nnov.ru/Odocument221.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4759",
    "datePublished": "2006-09-13T23:00:00.000Z",
    "dateReserved": "2006-09-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T19:23:41.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2724 (GCVE-0-2006-2724)

Vulnerability from cvelistv5 – Published: 2006-06-01 01:00 – Updated: 2024-08-07 17:58
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2006-05-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:58:51.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.neosecurityteam.net/advisories/Advisory-22.txt"
          },
          {
            "name": "1016157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016157"
          },
          {
            "name": "20060521 PunBB 1.2.11 Cross site scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/lists/bugtraq/2006/May/0408.html"
          },
          {
            "name": "punbb-adminnote-xss(26616)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26616"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the \"Admin note\" feature, a different vulnerability than CVE-2006-2227."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.neosecurityteam.net/advisories/Advisory-22.txt"
        },
        {
          "name": "1016157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016157"
        },
        {
          "name": "20060521 PunBB 1.2.11 Cross site scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/lists/bugtraq/2006/May/0408.html"
        },
        {
          "name": "punbb-adminnote-xss(26616)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26616"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2724",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the \"Admin note\" feature, a different vulnerability than CVE-2006-2227."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.neosecurityteam.net/advisories/Advisory-22.txt",
              "refsource": "MISC",
              "url": "http://www.neosecurityteam.net/advisories/Advisory-22.txt"
            },
            {
              "name": "1016157",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016157"
            },
            {
              "name": "20060521 PunBB 1.2.11 Cross site scripting",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/lists/bugtraq/2006/May/0408.html"
            },
            {
              "name": "punbb-adminnote-xss(26616)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26616"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2724",
    "datePublished": "2006-06-01T01:00:00.000Z",
    "dateReserved": "2006-05-31T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:58:51.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2227 (GCVE-0-2006-2227)

Vulnerability from cvelistv5 – Published: 2006-05-05 19:00 – Updated: 2024-08-07 17:43
Summary
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2006-05-03 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:28.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19986",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19986"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/download/hdiff/hdiff-1.2.11_to_1.2.12.html"
          },
          {
            "name": "25256",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25256"
          },
          {
            "name": "ADV-2006-1670",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1670"
          },
          {
            "name": "20060503 PunBB1.2.11 Cross-Site Scripting",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/432950/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.11_to_1.2.12.txt"
          },
          {
            "name": "849",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/849"
          },
          {
            "name": "punbb-misc-xss(26245)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26245"
          },
          {
            "name": "17827",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17827"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19986",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19986"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/download/hdiff/hdiff-1.2.11_to_1.2.12.html"
        },
        {
          "name": "25256",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25256"
        },
        {
          "name": "ADV-2006-1670",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1670"
        },
        {
          "name": "20060503 PunBB1.2.11 Cross-Site Scripting",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/432950/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.11_to_1.2.12.txt"
        },
        {
          "name": "849",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/849"
        },
        {
          "name": "punbb-misc-xss(26245)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26245"
        },
        {
          "name": "17827",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17827"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19986",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19986"
            },
            {
              "name": "http://www.punbb.org/download/hdiff/hdiff-1.2.11_to_1.2.12.html",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/download/hdiff/hdiff-1.2.11_to_1.2.12.html"
            },
            {
              "name": "25256",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25256"
            },
            {
              "name": "ADV-2006-1670",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1670"
            },
            {
              "name": "20060503 PunBB1.2.11 Cross-Site Scripting",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/432950/100/0/threaded"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.11_to_1.2.12.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.11_to_1.2.12.txt"
            },
            {
              "name": "849",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/849"
            },
            {
              "name": "punbb-misc-xss(26245)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26245"
            },
            {
              "name": "17827",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17827"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2227",
    "datePublished": "2006-05-05T19:00:00.000Z",
    "dateReserved": "2006-05-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:43:28.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1089 (GCVE-0-2006-1089)

Vulnerability from cvelistv5 – Published: 2006-03-09 11:00 – Updated: 2024-08-07 16:56
Summary
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2006-03-01 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:15.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "punbb-header-xss(24982)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24982"
          },
          {
            "name": "16891",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16891"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
          },
          {
            "name": "ADV-2006-0773",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0773"
          },
          {
            "name": "19039",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19039"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "punbb-header-xss(24982)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24982"
        },
        {
          "name": "16891",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16891"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
        },
        {
          "name": "ADV-2006-0773",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0773"
        },
        {
          "name": "19039",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19039"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1089",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "punbb-header-xss(24982)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24982"
            },
            {
              "name": "16891",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16891"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
            },
            {
              "name": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
            },
            {
              "name": "ADV-2006-0773",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0773"
            },
            {
              "name": "19039",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19039"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1089",
    "datePublished": "2006-03-09T11:00:00.000Z",
    "dateReserved": "2006-03-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:56:15.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-1090 (GCVE-0-2006-1090)

Vulnerability from cvelistv5 – Published: 2006-03-09 11:00 – Updated: 2024-08-07 16:56
Summary
register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2006-03-01 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:15.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
          },
          {
            "name": "ADV-2006-0773",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0773"
          },
          {
            "name": "punbb-register-ip-dos(24837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
        },
        {
          "name": "ADV-2006-0773",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0773"
        },
        {
          "name": "punbb-register-ip-dos(24837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1090",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
            },
            {
              "name": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
            },
            {
              "name": "ADV-2006-0773",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0773"
            },
            {
              "name": "punbb-register-ip-dos(24837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1090",
    "datePublished": "2006-03-09T11:00:00.000Z",
    "dateReserved": "2006-03-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:56:15.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0866 (GCVE-0-2006-0866)

Vulnerability from cvelistv5 – Published: 2006-02-23 23:00 – Updated: 2024-08-07 16:48
Summary
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2006-02-19 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:56.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
          },
          {
            "name": "punbb-login-bruteforce(24838)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24838"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account\u0027s password, which may be as short as 4 characters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
        },
        {
          "name": "punbb-login-bruteforce(24838)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24838"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0866",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account\u0027s password, which may be as short as 4 characters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
            },
            {
              "name": "punbb-login-bruteforce(24838)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24838"
            },
            {
              "name": "http://www.neosecurityteam.net/advisories/Advisory-15.txt",
              "refsource": "MISC",
              "url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0866",
    "datePublished": "2006-02-23T23:00:00.000Z",
    "dateReserved": "2006-02-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:48:56.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-0865 (GCVE-0-2006-0865)

Vulnerability from cvelistv5 – Published: 2006-02-23 23:00 – Updated: 2024-08-07 16:48
Summary
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2006-02-19 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:48:56.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
          },
          {
            "name": "punbb-register-ip-dos(24837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-02-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
        },
        {
          "name": "punbb-register-ip-dos(24837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
            },
            {
              "name": "http://www.neosecurityteam.net/advisories/Advisory-15.txt",
              "refsource": "MISC",
              "url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
            },
            {
              "name": "punbb-register-ip-dos(24837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0865",
    "datePublished": "2006-02-23T23:00:00.000Z",
    "dateReserved": "2006-02-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T16:48:56.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4687 (GCVE-0-2005-4687)

Vulnerability from cvelistv5 – Published: 2006-02-01 02:00 – Updated: 2024-09-16 19:24
Summary
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/15326 vdb-entry x_refsource_BID
http://secunia.com/advisories/17433 third-party-advisory x_refsource_SECUNIA
http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt x_refsource_CONFIRM
http://secunia.com/advisories/17425 third-party-advisory x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "15326",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15326"
          },
          {
            "name": "17433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
          },
          {
            "name": "17425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client\u0027s IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-02-01T02:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "15326",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15326"
        },
        {
          "name": "17433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
        },
        {
          "name": "17425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client\u0027s IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15326",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15326"
            },
            {
              "name": "17433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17433"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
            },
            {
              "name": "17425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4687",
    "datePublished": "2006-02-01T02:00:00.000Z",
    "dateReserved": "2006-01-31T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:24:59.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4686 (GCVE-0-2005-4686)

Vulnerability from cvelistv5 – Published: 2006-02-01 02:00 – Updated: 2024-09-17 00:01
Summary
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/17433 third-party-advisory x_refsource_SECUNIA
http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt x_refsource_CONFIRM
http://www.securityfocus.com/bid/15328 vdb-entry x_refsource_BID
http://secunia.com/advisories/17425 third-party-advisory x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
          },
          {
            "name": "15328",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15328"
          },
          {
            "name": "17425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-02-01T02:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "17433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
        },
        {
          "name": "15328",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15328"
        },
        {
          "name": "17425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17433"
            },
            {
              "name": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
            },
            {
              "name": "15328",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15328"
            },
            {
              "name": "17425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4686",
    "datePublished": "2006-02-01T02:00:00.000Z",
    "dateReserved": "2006-01-31T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:01:55.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4688 (GCVE-0-2005-4688)

Vulnerability from cvelistv5 – Published: 2006-02-01 02:00 – Updated: 2024-09-16 23:10
Summary
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PunBB 1.2.9 does not require password entry when changing the e-mail address in an account\u0027s profile, which might allow an attacker to make an address change via a hijacked login session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-02-01T02:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PunBB 1.2.9 does not require password entry when changing the e-mail address in an account\u0027s profile, which might allow an attacker to make an address change via a hijacked login session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4688",
    "datePublished": "2006-02-01T02:00:00.000Z",
    "dateReserved": "2006-01-31T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:10:33.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4665 (GCVE-0-2005-4665)

Vulnerability from cvelistv5 – Published: 2006-01-19 01:00 – Updated: 2024-08-07 23:53
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2005-09-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt"
          },
          {
            "name": "ADV-2005-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/1708"
          },
          {
            "name": "20060116 PunBB BBCode URL Tag Script Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/422088/100/0/threaded"
          },
          {
            "name": "14808",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14808"
          },
          {
            "name": "19382",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/19382"
          },
          {
            "name": "20060117 Re: PunBB BBCode URL Tag Script Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/422267/100/0/threaded"
          },
          {
            "name": "16775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16775"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/changelogs/1.2.6_to_1.2.7.txt"
          },
          {
            "name": "punbb-bbcode-url-xss(22234)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22234"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt"
        },
        {
          "name": "ADV-2005-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/1708"
        },
        {
          "name": "20060116 PunBB BBCode URL Tag Script Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/422088/100/0/threaded"
        },
        {
          "name": "14808",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14808"
        },
        {
          "name": "19382",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/19382"
        },
        {
          "name": "20060117 Re: PunBB BBCode URL Tag Script Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/422267/100/0/threaded"
        },
        {
          "name": "16775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16775"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/changelogs/1.2.6_to_1.2.7.txt"
        },
        {
          "name": "punbb-bbcode-url-xss(22234)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22234"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt",
              "refsource": "CONFIRM",
              "url": "http://www.punbb.org/changelogs/1.2.6_to_1.2.7.txt"
            },
            {
              "name": "ADV-2005-1708",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/1708"
            },
            {
              "name": "20060116 PunBB BBCode URL Tag Script Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/422088/100/0/threaded"
            },
            {
              "name": "14808",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14808"
            },
            {
              "name": "19382",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/19382"
            },
            {
              "name": "20060117 Re: PunBB BBCode URL Tag Script Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/422267/100/0/threaded"
            },
            {
              "name": "16775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16775"
            },
            {
              "name": "http://punbb.org/changelogs/1.2.6_to_1.2.7.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/changelogs/1.2.6_to_1.2.7.txt"
            },
            {
              "name": "punbb-bbcode-url-xss(22234)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22234"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4665",
    "datePublished": "2006-01-19T01:00:00.000Z",
    "dateReserved": "2006-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T23:53:28.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}