
82 vulnerabilities found for punbb by punbb

CVE-2011-3371 (GCVE-0-2011-3371)

Vulnerability from nvd – Published: 2011-10-02 20:00 – Updated: 2024-09-17 01:11
Summary
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110916 PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
          },
          {
            "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
          },
          {
            "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
          },
          {
            "name": "1026073",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1026073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
          },
          {
            "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
          },
          {
            "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-02T20:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20110916 PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
        },
        {
          "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
        },
        {
          "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
        },
        {
          "name": "1026073",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1026073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
        },
        {
          "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
        },
        {
          "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110916 PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
            },
            {
              "name": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip",
              "refsource": "CONFIRM",
              "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
            },
            {
              "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
            },
            {
              "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
            },
            {
              "name": "1026073",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1026073"
            },
            {
              "name": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d",
              "refsource": "CONFIRM",
              "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
            },
            {
              "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/24430/punbb-136/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
            },
            {
              "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3371",
    "datePublished": "2011-10-02T20:00:00.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:11:33.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4894 (GCVE-0-2009-4894)

Vulnerability from nvd – Published: 2010-06-15 01:00 – Updated: 2024-09-16 19:25
Summary
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:26.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-15T01:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-4894",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/forums/topic/21669/punbb-134/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4894",
    "datePublished": "2010-06-15T01:00:00.000Z",
    "dateReserved": "2010-06-14T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:25:06.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0455 (GCVE-0-2010-0455)

Vulnerability from nvd – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
Summary
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2010-01-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
          },
          {
            "name": "37930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37930"
          },
          {
            "name": "punbb-viewtopic-xss(55853)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
        },
        {
          "name": "37930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37930"
        },
        {
          "name": "punbb-viewtopic-xss(55853)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt",
              "refsource": "MISC",
              "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
            },
            {
              "name": "37930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37930"
            },
            {
              "name": "punbb-viewtopic-xss(55853)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0455",
    "datePublished": "2010-01-28T20:00:00.000Z",
    "dateReserved": "2010-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:52:19.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-7241 (GCVE-0-2008-7241)

Vulnerability from nvd – Published: 2009-09-17 18:00 – Updated: 2024-09-17 03:42
Summary
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/48685 (vdb-entry, x_refsource_OSVDB)
http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt (x_refsource_CONFIRM)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48685",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/48685"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-17T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "48685",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/48685"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48685",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/48685"
            },
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7241",
    "datePublished": "2009-09-17T18:00:00.000Z",
    "dateReserved": "2009-09-17T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:42:58.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5435 (GCVE-0-2008-5435)

Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/32800 (vdb-entry, x_refsource_BID)
http://www.openwall.com/lists/oss-security/2008/12/09/3 (mailing-list, x_refsource_MLIST)
http://punbb.informer.com/ (x_refsource_CONFIRM)
http://osvdb.org/50680 (vdb-entry, x_refsource_OSVDB)
Date Public ?
2008-11-26 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32800",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32800"
          },
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "50680",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50680"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-12-20T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32800",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32800"
        },
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "50680",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50680"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32800",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32800"
            },
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "50680",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50680"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5435",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5434 (GCVE-0-2008-5434)

Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2008-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:45.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "33059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33059"
          },
          {
            "name": "punbb-users-sql-injection(47185)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "33059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33059"
        },
        {
          "name": "punbb-users-sql-injection(47185)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "33059",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33059"
            },
            {
              "name": "punbb-users-sql-injection(47185)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5434",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:45.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5433 (GCVE-0-2008-5433)

Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2008-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "33059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-06T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "33059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "33059",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33059"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5433",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3968 (GCVE-0-2008-3968)

Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
Summary
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2008-08-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "punbb-userlist-xss(45046)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
          },
          {
            "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
          },
          {
            "name": "31082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
          },
          {
            "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "punbb-userlist-xss(45046)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
        },
        {
          "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
        },
        {
          "name": "31082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
        },
        {
          "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "punbb-userlist-xss(45046)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
            },
            {
              "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
            },
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
            },
            {
              "name": "31082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31082"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
            },
            {
              "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3968",
    "datePublished": "2008-09-10T15:00:00.000Z",
    "dateReserved": "2008-09-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:00:42.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3336 (GCVE-0-2008-3336)

Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Date Public ?
2008-07-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
          },
          {
            "name": "30396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30396"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
          },
          {
            "name": "31219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31219"
          },
          {
            "name": "punbb-parser-moderate-xss(44009)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
        },
        {
          "name": "30396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30396"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
        },
        {
          "name": "31219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31219"
        },
        {
          "name": "punbb-parser-moderate-xss(44009)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
            },
            {
              "name": "30396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30396"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
            },
            {
              "name": "31219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31219"
            },
            {
              "name": "punbb-parser-moderate-xss(44009)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3336",
    "datePublished": "2008-07-27T23:00:00.000Z",
    "dateReserved": "2008-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:26.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3335 (GCVE-0-2008-3335)

Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-07-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:25.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
          },
          {
            "name": "30395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30395"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
          },
          {
            "name": "punbb-smtp-command-execution(44010)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
          },
          {
            "name": "31219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31219"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
        },
        {
          "name": "30395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30395"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
        },
        {
          "name": "punbb-smtp-command-execution(44010)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
        },
        {
          "name": "31219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
            },
            {
              "name": "30395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30395"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
            },
            {
              "name": "punbb-smtp-command-execution(44010)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
            },
            {
              "name": "31219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3335",
    "datePublished": "2008-07-27T23:00:00.000Z",
    "dateReserved": "2008-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:25.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1485 (GCVE-0-2008-1485)

Vulnerability from nvd – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/29043 third-party-advisory x_refsource_SECUNIA
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt x_refsource_CONFIRM
http://osvdb.org/45561 vdb-entry x_refsource_OSVDB
Date Public ?
2008-02-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
          },
          {
            "name": "45561",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45561"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-01T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
        },
        {
          "name": "45561",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45561"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29043"
            },
            {
              "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
            },
            {
              "name": "45561",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45561"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1485",
    "datePublished": "2008-03-24T23:00:00.000Z",
    "dateReserved": "2008-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1484 (GCVE-0-2008-1484)

Vulnerability from nvd – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-02-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/forums/viewtopic.php?id=18460"
          },
          {
            "name": "29043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29043"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
          },
          {
            "name": "45561",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45561"
          },
          {
            "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
          },
          {
            "name": "5165",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5165"
          },
          {
            "name": "27908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27908"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/forums/viewtopic.php?id=18460"
        },
        {
          "name": "29043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29043"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
        },
        {
          "name": "45561",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45561"
        },
        {
          "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
        },
        {
          "name": "5165",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5165"
        },
        {
          "name": "27908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27908"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.org/forums/viewtopic.php?id=18460",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/forums/viewtopic.php?id=18460"
            },
            {
              "name": "29043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29043"
            },
            {
              "name": "http://sektioneins.de/advisories/SE-2008-01.txt",
              "refsource": "MISC",
              "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
            },
            {
              "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
            },
            {
              "name": "45561",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45561"
            },
            {
              "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
            },
            {
              "name": "5165",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5165"
            },
            {
              "name": "27908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27908"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1484",
    "datePublished": "2008-03-24T23:00:00.000Z",
    "dateReserved": "2008-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2235 (GCVE-0-2007-2235)

Vulnerability from nvd – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/465338/100/100/threaded mailing-list x_refsource_BUGTRAQ
http://dev.punbb.org/changeset/938 x_refsource_CONFIRM
http://dev.punbb.org/changeset/934 x_refsource_CONFIRM
http://www.acid-root.new.fr/advisories/13070411.txt x_refsource_MISC
http://secunia.com/advisories/24843 third-party-advisory x_refsource_SECUNIA
http://securityreason.com/securityalert/2613 third-party-advisory x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1362 vdb-entry x_refsource_VUPEN
http://www.securityfocus.com/archive/1/465400/100/100/threaded mailing-list x_refsource_BUGTRAQ
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/938"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/934"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "24843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24843"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "ADV-2007-1362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1362"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/938"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/934"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "24843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24843"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "ADV-2007-1362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1362"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://dev.punbb.org/changeset/938",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/938"
            },
            {
              "name": "http://dev.punbb.org/changeset/934",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/934"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "24843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24843"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "ADV-2007-1362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1362"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2235",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:27.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2234 (GCVE-0-2007-2234)

Vulnerability from nvd – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://dev.punbb.org/changeset/933",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/933"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2234",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:28.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2236 (GCVE-0-2007-2236)

Vulnerability from nvd – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://dev.punbb.org/changeset/937 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/465338/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://www.acid-root.new.fr/advisories/13070411.txt x_refsource_MISC
http://secunia.com/advisories/24843 third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2613 third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1362 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/465400/100/100/threaded mailing-list, x_refsource_BUGTRAQ
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/937"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "24843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24843"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "ADV-2007-1362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1362"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/937"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "24843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24843"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "ADV-2007-1362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1362"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dev.punbb.org/changeset/937",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/937"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "24843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24843"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "ADV-2007-1362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1362"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2236",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:27.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3371 (GCVE-0-2011-3371)

Vulnerability from cvelistv5 – Published: 2011-10-02 20:00 – Updated: 2024-09-17 01:11
Summary
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.876Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110916 PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
          },
          {
            "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
          },
          {
            "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
          },
          {
            "name": "1026073",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1026073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
          },
          {
            "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
          },
          {
            "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-02T20:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "20110916 PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
        },
        {
          "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
        },
        {
          "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
        },
        {
          "name": "1026073",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1026073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
        },
        {
          "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
        },
        {
          "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110916 PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
            },
            {
              "name": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip",
              "refsource": "CONFIRM",
              "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
            },
            {
              "name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
            },
            {
              "name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
            },
            {
              "name": "1026073",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1026073"
            },
            {
              "name": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d",
              "refsource": "CONFIRM",
              "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
            },
            {
              "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/24430/punbb-136/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
            },
            {
              "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3371",
    "datePublished": "2011-10-02T20:00:00.000Z",
    "dateReserved": "2011-08-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:11:33.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4894 (GCVE-0-2009-4894)

Vulnerability from cvelistv5 – Published: 2010-06-15 01:00 – Updated: 2024-09-16 19:25
Summary
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:26.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-06-15T01:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-4894",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/forums/topic/21669/punbb-134/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4894",
    "datePublished": "2010-06-15T01:00:00.000Z",
    "dateReserved": "2010-06-14T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:25:06.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0455 (GCVE-0-2010-0455)

Vulnerability from cvelistv5 – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
Summary
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2010-01-22 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
          },
          {
            "name": "37930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37930"
          },
          {
            "name": "punbb-viewtopic-xss(55853)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
        },
        {
          "name": "37930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37930"
        },
        {
          "name": "punbb-viewtopic-xss(55853)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt",
              "refsource": "MISC",
              "url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
            },
            {
              "name": "37930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37930"
            },
            {
              "name": "punbb-viewtopic-xss(55853)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0455",
    "datePublished": "2010-01-28T20:00:00.000Z",
    "dateReserved": "2010-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:52:19.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-7241 (GCVE-0-2008-7241)

Vulnerability from cvelistv5 – Published: 2009-09-17 18:00 – Updated: 2024-09-17 03:42
Summary
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/48685 vdb-entry, x_refsource_OSVDB
http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48685",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/48685"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-17T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "48685",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/48685"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48685",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/48685"
            },
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7241",
    "datePublished": "2009-09-17T18:00:00.000Z",
    "dateReserved": "2009-09-17T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:42:58.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5433 (GCVE-0-2008-5433)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "33059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33059"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-06T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "33059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33059"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "33059",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33059"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5433",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5435 (GCVE-0-2008-5435)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/32800 vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2008/12/09/3 mailing-list, x_refsource_MLIST
http://punbb.informer.com/ x_refsource_CONFIRM
http://osvdb.org/50680 vdb-entry, x_refsource_OSVDB
Date Public ?
2008-11-26 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32800",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32800"
          },
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "50680",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50680"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-12-20T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32800",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32800"
        },
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "50680",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50680"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32800",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32800"
            },
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "50680",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50680"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5435",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-5434 (GCVE-0-2008-5434)

Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2008-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:45.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "name": "33059",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33059"
          },
          {
            "name": "punbb-users-sql-injection(47185)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "name": "33059",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33059"
        },
        {
          "name": "punbb-users-sql-injection(47185)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "33059",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33059"
            },
            {
              "name": "punbb-users-sql-injection(47185)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
            },
            {
              "name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5434",
    "datePublished": "2008-12-11T15:00:00.000Z",
    "dateReserved": "2008-12-11T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:45.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3968 (GCVE-0-2008-3968)

Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
Summary
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2008-08-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "punbb-userlist-xss(45046)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
          },
          {
            "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
          },
          {
            "name": "31082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
          },
          {
            "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "punbb-userlist-xss(45046)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
        },
        {
          "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
        },
        {
          "name": "31082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
        },
        {
          "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "punbb-userlist-xss(45046)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
            },
            {
              "name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
            },
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
            },
            {
              "name": "31082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31082"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
            },
            {
              "name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3968",
    "datePublished": "2008-09-10T15:00:00.000Z",
    "dateReserved": "2008-09-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:00:42.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3336 (GCVE-0-2008-3336)

Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-07-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
          },
          {
            "name": "30396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30396"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
          },
          {
            "name": "31219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31219"
          },
          {
            "name": "punbb-parser-moderate-xss(44009)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
        },
        {
          "name": "30396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30396"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
        },
        {
          "name": "31219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31219"
        },
        {
          "name": "punbb-parser-moderate-xss(44009)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
            },
            {
              "name": "30396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30396"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
            },
            {
              "name": "31219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31219"
            },
            {
              "name": "punbb-parser-moderate-xss(44009)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3336",
    "datePublished": "2008-07-27T23:00:00.000Z",
    "dateReserved": "2008-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:26.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3335 (GCVE-0-2008-3335)

Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-07-21 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:25.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
          },
          {
            "name": "30395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30395"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
          },
          {
            "name": "punbb-smtp-command-execution(44010)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
          },
          {
            "name": "31219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31219"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
        },
        {
          "name": "30395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30395"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
        },
        {
          "name": "punbb-smtp-command-execution(44010)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
        },
        {
          "name": "31219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
            },
            {
              "name": "30395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30395"
            },
            {
              "name": "http://punbb.informer.com/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/"
            },
            {
              "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
              "refsource": "CONFIRM",
              "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
            },
            {
              "name": "punbb-smtp-command-execution(44010)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
            },
            {
              "name": "31219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3335",
    "datePublished": "2008-07-27T23:00:00.000Z",
    "dateReserved": "2008-07-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:25.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1485 (GCVE-0-2008-1485)

Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/29043 third-party-advisory x_refsource_SECUNIA
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt x_refsource_CONFIRM
http://osvdb.org/45561 vdb-entry x_refsource_OSVDB
Date Public ?
2008-02-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
          },
          {
            "name": "45561",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45561"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-01T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
        },
        {
          "name": "45561",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45561"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29043"
            },
            {
              "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
            },
            {
              "name": "45561",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45561"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1485",
    "datePublished": "2008-03-24T23:00:00.000Z",
    "dateReserved": "2008-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1484 (GCVE-0-2008-1484)

Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-02-20 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:24:42.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/forums/viewtopic.php?id=18460"
          },
          {
            "name": "29043",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29043"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
          },
          {
            "name": "45561",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/45561"
          },
          {
            "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
          },
          {
            "name": "5165",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/5165"
          },
          {
            "name": "27908",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27908"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/forums/viewtopic.php?id=18460"
        },
        {
          "name": "29043",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29043"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
        },
        {
          "name": "45561",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/45561"
        },
        {
          "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
        },
        {
          "name": "5165",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/5165"
        },
        {
          "name": "27908",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27908"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://punbb.org/forums/viewtopic.php?id=18460",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/forums/viewtopic.php?id=18460"
            },
            {
              "name": "29043",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29043"
            },
            {
              "name": "http://sektioneins.de/advisories/SE-2008-01.txt",
              "refsource": "MISC",
              "url": "http://sektioneins.de/advisories/SE-2008-01.txt"
            },
            {
              "name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
              "refsource": "CONFIRM",
              "url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
            },
            {
              "name": "45561",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/45561"
            },
            {
              "name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
            },
            {
              "name": "5165",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/5165"
            },
            {
              "name": "27908",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27908"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1484",
    "datePublished": "2008-03-24T23:00:00.000Z",
    "dateReserved": "2008-03-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:24:42.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2235 (GCVE-0-2007-2235)

Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/465338/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://dev.punbb.org/changeset/938 x_refsource_CONFIRM
http://dev.punbb.org/changeset/934 x_refsource_CONFIRM
http://www.acid-root.new.fr/advisories/13070411.txt x_refsource_MISC
http://secunia.com/advisories/24843 third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2613 third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1362 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/465400/100/100/threaded mailing-list, x_refsource_BUGTRAQ
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/938"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/934"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "24843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24843"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "ADV-2007-1362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1362"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/938"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/934"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "24843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24843"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "ADV-2007-1362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1362"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://dev.punbb.org/changeset/938",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/938"
            },
            {
              "name": "http://dev.punbb.org/changeset/934",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/934"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "24843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24843"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "ADV-2007-1362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1362"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2235",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:27.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2234 (GCVE-0-2007-2234)

Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:28.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/933"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/933"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://dev.punbb.org/changeset/933",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/933"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2234",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:28.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-2236 (GCVE-0-2007-2236)

Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://dev.punbb.org/changeset/937 x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/465338/100/100/threaded mailing-list, x_refsource_BUGTRAQ
http://www.acid-root.new.fr/advisories/13070411.txt x_refsource_MISC
http://secunia.com/advisories/24843 third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2613 third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/1362 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/465400/100/100/threaded mailing-list, x_refsource_BUGTRAQ
Date Public ?
2007-04-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:33:27.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.punbb.org/changeset/937"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
          },
          {
            "name": "24843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24843"
          },
          {
            "name": "2613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2613"
          },
          {
            "name": "ADV-2007-1362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1362"
          },
          {
            "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.punbb.org/changeset/937"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
        },
        {
          "name": "24843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24843"
        },
        {
          "name": "2613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2613"
        },
        {
          "name": "ADV-2007-1362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1362"
        },
        {
          "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dev.punbb.org/changeset/937",
              "refsource": "CONFIRM",
              "url": "http://dev.punbb.org/changeset/937"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
            },
            {
              "name": "http://www.acid-root.new.fr/advisories/13070411.txt",
              "refsource": "MISC",
              "url": "http://www.acid-root.new.fr/advisories/13070411.txt"
            },
            {
              "name": "24843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24843"
            },
            {
              "name": "2613",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2613"
            },
            {
              "name": "ADV-2007-1362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1362"
            },
            {
              "name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2236",
    "datePublished": "2007-04-25T15:00:00.000Z",
    "dateReserved": "2007-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:33:27.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}