82 vulnerabilities by punbb
CVE-2011-3371 (GCVE-0-2011-3371)
Vulnerability from nvd – Published: 2011-10-02 20:00 – Updated: 2024-09-17 01:11
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list, x_refsource_FULLDISC |
| https://github.com/downloads/punbb/punbb/punbb-1.… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list, x_refsource_FULLDISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list, x_refsource_FULLDISC |
| http://securitytracker.com/id?1026073 | vdb-entry, x_refsource_SECTRACK |
| https://github.com/punbb/punbb/commit/dd50a50a276… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/09/18/1 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/forums/topic/24427/mult… | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/24430/punbb-136/ | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/09/22/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110916 PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
},
{
"name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
},
{
"name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
},
{
"name": "1026073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
},
{
"name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
},
{
"name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-02T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20110916 PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
},
{
"name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
},
{
"name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
},
{
"name": "1026073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
},
{
"name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
},
{
"name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110916 PunBB PHP Forum - Multiple XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
},
{
"name": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip",
"refsource": "CONFIRM",
"url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
},
{
"name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
},
{
"name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
},
{
"name": "1026073",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026073"
},
{
"name": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d",
"refsource": "CONFIRM",
"url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
},
{
"name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
},
{
"name": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
},
{
"name": "http://punbb.informer.com/forums/topic/24430/punbb-136/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
},
{
"name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3371",
"datePublished": "2011-10-02T20:00:00.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:11:33.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4894 (GCVE-0-2009-4894)
Vulnerability from nvd – Published: 2010-06-15 01:00 – Updated: 2024-09-16 19:25
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://punbb.informer.com/forums/topic/21669/punbb-134/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:26.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-15T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/forums/topic/21669/punbb-134/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4894",
"datePublished": "2010-06-15T01:00:00.000Z",
"dateReserved": "2010-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:25:06.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0455 (GCVE-0-2010-0455)
Vulnerability from nvd – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
VLAI
Summary
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.packetstormsecurity.com/1001-exploits/… | x_refsource_MISC |
| http://www.securityfocus.com/bid/37930 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2010-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
},
{
"name": "37930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37930"
},
{
"name": "punbb-viewtopic-xss(55853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
},
{
"name": "37930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37930"
},
{
"name": "punbb-viewtopic-xss(55853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
},
{
"name": "37930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37930"
},
{
"name": "punbb-viewtopic-xss(55853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0455",
"datePublished": "2010-01-28T20:00:00.000Z",
"dateReserved": "2010-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:52:19.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7241 (GCVE-0-2008-7241)
Vulnerability from nvd – Published: 2009-09-17 18:00 – Updated: 2024-09-17 03:42
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://osvdb.org/48685 | vdb-entry, x_refsource_OSVDB |
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-17T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48685",
"refsource": "OSVDB",
"url": "http://osvdb.org/48685"
},
{
"name": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7241",
"datePublished": "2009-09-17T18:00:00.000Z",
"dateReserved": "2009-09-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:42:58.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5435 (GCVE-0-2008-5435)
Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
VLAI
Summary
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/32800 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2008/12/09/3 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://osvdb.org/50680 | vdb-entry, x_refsource_OSVDB |
Date Public
2008-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32800"
},
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"name": "50680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32800"
},
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"name": "50680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32800"
},
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "50680",
"refsource": "OSVDB",
"url": "http://osvdb.org/50680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5435",
"datePublished": "2008-12-11T15:00:00.000Z",
"dateReserved": "2008-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:46.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5434 (GCVE-0-2008-5434)
Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
VLAI
Summary
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/12/09/3 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/wiki/punbb13/bugs#poten… | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/20475/punbb-132/ | x_refsource_CONFIRM |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/33059 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://punbb.informer.com/wiki/punbb13/bugs#poten… | x_refsource_CONFIRM |
Date Public
2008-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:45.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33059"
},
{
"name": "punbb-users-sql-injection(47185)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33059"
},
{
"name": "punbb-users-sql-injection(47185)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
},
{
"name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33059"
},
{
"name": "punbb-users-sql-injection(47185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
},
{
"name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5434",
"datePublished": "2008-12-11T15:00:00.000Z",
"dateReserved": "2008-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:45.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5433 (GCVE-0-2008-5433)
Vulnerability from nvd – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
VLAI
Summary
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/12/09/3 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/forums/topic/20475/punbb-132/ | x_refsource_CONFIRM |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/33059 | third-party-advisory, x_refsource_SECUNIA |
| http://punbb.informer.com/wiki/punbb13/bugs#possi… | x_refsource_CONFIRM |
Date Public
2008-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33059"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33059"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33059"
},
{
"name": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5433",
"datePublished": "2008-12-11T15:00:00.000Z",
"dateReserved": "2008-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:46.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3968 (GCVE-0-2008-3968)
Vulnerability from nvd – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
Summary
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.openwall.com/lists/oss-security/2008/0… | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31082 | vdb-entry, x_refsource_BID |
| http://punbb.informer.com/forums/topic/19682/punb… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/09/09/2 | mailing-list, x_refsource_MLIST |
Date Public
2008-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "punbb-userlist-xss(45046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "punbb-userlist-xss(45046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "punbb-userlist-xss(45046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"name": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31082"
},
{
"name": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3968",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3335 (GCVE-0-2008-3335)
Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30395 | vdb-entry, x_refsource_BID |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/19539/punb… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/31219 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:25.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "punbb-smtp-command-execution(44010)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "punbb-smtp-command-execution(44010)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30395"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "punbb-smtp-command-execution(44010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
},
{
"name": "31219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3335",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:25.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3336 (GCVE-0-2008-3336)
Vulnerability from nvd – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30396 | vdb-entry, x_refsource_BID |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/19539/punb… | x_refsource_CONFIRM |
| http://secunia.com/advisories/31219 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2008-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31219"
},
{
"name": "punbb-parser-moderate-xss(44009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31219"
},
{
"name": "punbb-parser-moderate-xss(44009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30396"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "31219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31219"
},
{
"name": "punbb-parser-moderate-xss(44009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3336",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1484 (GCVE-0-2008-1484)
Vulnerability from nvd – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://punbb.org/forums/viewtopic.php?id=18460 | x_refsource_CONFIRM |
| http://secunia.com/advisories/29043 | third-party-advisory, x_refsource_SECUNIA |
| http://sektioneins.de/advisories/SE-2008-01.txt | x_refsource_MISC |
| http://punbb.org/download/changelogs/1.2.16_to_1.… | x_refsource_CONFIRM |
| http://osvdb.org/45561 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/488408/100… | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/5165 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/27908 | vdb-entry, x_refsource_BID |
Date Public
2008-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.org/forums/viewtopic.php?id=18460"
},
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sektioneins.de/advisories/SE-2008-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45561"
},
{
"name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
},
{
"name": "5165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5165"
},
{
"name": "27908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.org/forums/viewtopic.php?id=18460"
},
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sektioneins.de/advisories/SE-2008-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45561"
},
{
"name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
},
{
"name": "5165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5165"
},
{
"name": "27908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.org/forums/viewtopic.php?id=18460",
"refsource": "CONFIRM",
"url": "http://punbb.org/forums/viewtopic.php?id=18460"
},
{
"name": "29043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29043"
},
{
"name": "http://sektioneins.de/advisories/SE-2008-01.txt",
"refsource": "MISC",
"url": "http://sektioneins.de/advisories/SE-2008-01.txt"
},
{
"name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"refsource": "OSVDB",
"url": "http://osvdb.org/45561"
},
{
"name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
},
{
"name": "5165",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5165"
},
{
"name": "27908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1484",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1485 (GCVE-0-2008-1485)
Vulnerability from nvd – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/29043 | third-party-advisory, x_refsource_SECUNIA |
| http://punbb.org/download/changelogs/1.2.16_to_1.… | x_refsource_CONFIRM |
| http://osvdb.org/45561 | vdb-entry, x_refsource_OSVDB |
Date Public
2008-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29043"
},
{
"name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"refsource": "OSVDB",
"url": "http://osvdb.org/45561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1485",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2235 (GCVE-0-2007-2235)
Vulnerability from nvd – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/465338/100… | mailing-list, x_refsource_BUGTRAQ |
| http://dev.punbb.org/changeset/938 | x_refsource_CONFIRM |
| http://dev.punbb.org/changeset/934 | x_refsource_CONFIRM |
| http://www.acid-root.new.fr/advisories/13070411.txt | x_refsource_MISC |
| http://secunia.com/advisories/24843 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/2613 | third-party-advisory, x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/1362 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/465400/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"name": "http://dev.punbb.org/changeset/938",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/938"
},
{
"name": "http://dev.punbb.org/changeset/934",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/934"
},
{
"name": "http://www.acid-root.new.fr/advisories/13070411.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2235",
"datePublished": "2007-04-25T15:00:00.000Z",
"dateReserved": "2007-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:27.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2236 (GCVE-0-2007-2236)
Vulnerability from nvd – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://dev.punbb.org/changeset/937 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/465338/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.acid-root.new.fr/advisories/13070411.txt | x_refsource_MISC |
| http://secunia.com/advisories/24843 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/2613 | third-party-advisory, x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/1362 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/465400/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/937"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/937"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.punbb.org/changeset/937",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/937"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/13070411.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2236",
"datePublished": "2007-04-25T15:00:00.000Z",
"dateReserved": "2007-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:27.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2234 (GCVE-0-2007-2234)
Vulnerability from nvd – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/465338/100… | mailing-list, x_refsource_BUGTRAQ |
| http://dev.punbb.org/changeset/933 | x_refsource_CONFIRM |
| http://www.acid-root.new.fr/advisories/13070411.txt | x_refsource_MISC |
| http://securityreason.com/securityalert/2613 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/465400/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/933"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/933"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"name": "http://dev.punbb.org/changeset/933",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/933"
},
{
"name": "http://www.acid-root.new.fr/advisories/13070411.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "2613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2234",
"datePublished": "2007-04-25T15:00:00.000Z",
"dateReserved": "2007-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3371 (GCVE-0-2011-3371)
Vulnerability from cvelistv5 – Published: 2011-10-02 20:00 – Updated: 2024-09-17 01:11
Summary
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list, x_refsource_FULLDISC |
| https://github.com/downloads/punbb/punbb/punbb-1.… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list, x_refsource_FULLDISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list, x_refsource_FULLDISC |
| http://securitytracker.com/id?1026073 | vdb-entry, x_refsource_SECTRACK |
| https://github.com/punbb/punbb/commit/dd50a50a276… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/09/18/1 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/forums/topic/24427/mult… | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/24430/punbb-136/ | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2011/09/22/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110916 PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
},
{
"name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
},
{
"name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
},
{
"name": "1026073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
},
{
"name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
},
{
"name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-02T20:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20110916 PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
},
{
"name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
},
{
"name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
},
{
"name": "1026073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
},
{
"name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
},
{
"name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110916 PunBB PHP Forum - Multiple XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html"
},
{
"name": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip",
"refsource": "CONFIRM",
"url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip"
},
{
"name": "20110918 Re: PunBB PHP Forum - Multiple XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html"
},
{
"name": "20110922 Re: PunBB PHP Forum - Multiple XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html"
},
{
"name": "1026073",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026073"
},
{
"name": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d",
"refsource": "CONFIRM",
"url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d"
},
{
"name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/18/1"
},
{
"name": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/"
},
{
"name": "http://punbb.informer.com/forums/topic/24430/punbb-136/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/24430/punbb-136/"
},
{
"name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3371",
"datePublished": "2011-10-02T20:00:00.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:11:33.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4894 (GCVE-0-2009-4894)
Vulnerability from cvelistv5 – Published: 2010-06-15 01:00 – Updated: 2024-09-16 19:25
Summary
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://punbb.informer.com/forums/topic/21669/punbb-134/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:26.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-15T01:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/forums/topic/21669/punbb-134/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4894",
"datePublished": "2010-06-15T01:00:00.000Z",
"dateReserved": "2010-06-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:25:06.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0455 (GCVE-0-2010-0455)
Vulnerability from cvelistv5 – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
Summary
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.packetstormsecurity.com/1001-exploits/… | x_refsource_MISC |
| http://www.securityfocus.com/bid/37930 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2010-01-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
},
{
"name": "37930",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37930"
},
{
"name": "punbb-viewtopic-xss(55853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
},
{
"name": "37930",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37930"
},
{
"name": "punbb-viewtopic-xss(55853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/punbb13-xss.txt"
},
{
"name": "37930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37930"
},
{
"name": "punbb-viewtopic-xss(55853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55853"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0455",
"datePublished": "2010-01-28T20:00:00.000Z",
"dateReserved": "2010-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:52:19.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7241 (GCVE-0-2008-7241)
Vulnerability from cvelistv5 – Published: 2009-09-17 18:00 – Updated: 2024-09-17 03:42
Summary
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://osvdb.org/48685 | vdb-entry, x_refsource_OSVDB |
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/48685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-17T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48685",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/48685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48685",
"refsource": "OSVDB",
"url": "http://osvdb.org/48685"
},
{
"name": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.16_to_1.2.17.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7241",
"datePublished": "2009-09-17T18:00:00.000Z",
"dateReserved": "2009-09-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:42:58.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5434 (GCVE-0-2008-5434)
Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/12/09/3 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/wiki/punbb13/bugs#poten… | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/20475/punbb-132/ | x_refsource_CONFIRM |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/33059 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://punbb.informer.com/wiki/punbb13/bugs#poten… | x_refsource_CONFIRM |
Date Public
2008-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:45.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33059"
},
{
"name": "punbb-users-sql-injection(47185)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33059"
},
{
"name": "punbb-users-sql-injection(47185)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values"
},
{
"name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33059"
},
{
"name": "punbb-users-sql-injection(47185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47185"
},
{
"name": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5434",
"datePublished": "2008-12-11T15:00:00.000Z",
"dateReserved": "2008-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:45.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5435 (GCVE-0-2008-5435)
Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/32800 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2008/12/09/3 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://osvdb.org/50680 | vdb-entry, x_refsource_OSVDB |
Date Public
2008-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32800"
},
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"name": "50680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-20T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32800",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32800"
},
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"name": "50680",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32800"
},
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "50680",
"refsource": "OSVDB",
"url": "http://osvdb.org/50680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5435",
"datePublished": "2008-12-11T15:00:00.000Z",
"dateReserved": "2008-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:46.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5433 (GCVE-0-2008-5433)
Vulnerability from cvelistv5 – Published: 2008-12-11 15:00 – Updated: 2024-08-07 10:56
Summary
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2008/12/09/3 | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/forums/topic/20475/punbb-132/ | x_refsource_CONFIRM |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/33059 | third-party-advisory, x_refsource_SECUNIA |
| http://punbb.informer.com/wiki/punbb13/bugs#possi… | x_refsource_CONFIRM |
Date Public
2008-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33059"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-06T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33059"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081209 CVE request: Four issues in PunBB",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/09/3"
},
{
"name": "http://punbb.informer.com/forums/topic/20475/punbb-132/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/20475/punbb-132/"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "33059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33059"
},
{
"name": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/wiki/punbb13/bugs#possible_xss_in_login"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5433",
"datePublished": "2008-12-11T15:00:00.000Z",
"dateReserved": "2008-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:46.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3968 (GCVE-0-2008-3968)
Vulnerability from cvelistv5 – Published: 2008-09-10 15:00 – Updated: 2024-08-07 10:00
Summary
Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.openwall.com/lists/oss-security/2008/0… | mailing-list, x_refsource_MLIST |
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/31082 | vdb-entry, x_refsource_BID |
| http://punbb.informer.com/forums/topic/19682/punb… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/09/09/2 | mailing-list, x_refsource_MLIST |
Date Public
2008-08-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "punbb-userlist-xss(45046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "punbb-userlist-xss(45046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "punbb-userlist-xss(45046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45046"
},
{
"name": "[oss-security] 20080909 Re: cve request: punbb \u003c 1.2.20 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/10"
},
{
"name": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.19_to_1.2.20.txt"
},
{
"name": "31082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31082"
},
{
"name": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19682/punbb-1220-and-13rc-hotfix-released/"
},
{
"name": "[oss-security] 20080909 cve request: punbb \u003c 1.2.20 xss",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3968",
"datePublished": "2008-09-10T15:00:00.000Z",
"dateReserved": "2008-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3335 (GCVE-0-2008-3335)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30395 | vdb-entry, x_refsource_BID |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/19539/punb… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/31219 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:25.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "punbb-smtp-command-execution(44010)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "punbb-smtp-command-execution(44010)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30395"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "punbb-smtp-command-execution(44010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44010"
},
{
"name": "31219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3335",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:25.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3336 (GCVE-0-2008-3336)
Vulnerability from cvelistv5 – Published: 2008-07-27 23:00 – Updated: 2024-08-07 09:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://punbb.informer.com/download/changelogs/1.2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30396 | vdb-entry, x_refsource_BID |
| http://punbb.informer.com/ | x_refsource_CONFIRM |
| http://punbb.informer.com/forums/topic/19539/punb… | x_refsource_CONFIRM |
| http://secunia.com/advisories/31219 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
Date Public
2008-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30396"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31219"
},
{
"name": "punbb-parser-moderate-xss(44009)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30396"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "31219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31219"
},
{
"name": "punbb-parser-moderate-xss(44009)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt"
},
{
"name": "30396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30396"
},
{
"name": "http://punbb.informer.com/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/"
},
{
"name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/"
},
{
"name": "31219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31219"
},
{
"name": "punbb-parser-moderate-xss(44009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3336",
"datePublished": "2008-07-27T23:00:00.000Z",
"dateReserved": "2008-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1484 (GCVE-0-2008-1484)
Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://punbb.org/forums/viewtopic.php?id=18460 | x_refsource_CONFIRM |
| http://secunia.com/advisories/29043 | third-party-advisory, x_refsource_SECUNIA |
| http://sektioneins.de/advisories/SE-2008-01.txt | x_refsource_MISC |
| http://punbb.org/download/changelogs/1.2.16_to_1.… | x_refsource_CONFIRM |
| http://osvdb.org/45561 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/488408/100… | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/5165 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/27908 | vdb-entry, x_refsource_BID |
Date Public
2008-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.org/forums/viewtopic.php?id=18460"
},
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sektioneins.de/advisories/SE-2008-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45561"
},
{
"name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
},
{
"name": "5165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5165"
},
{
"name": "27908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.org/forums/viewtopic.php?id=18460"
},
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sektioneins.de/advisories/SE-2008-01.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45561"
},
{
"name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
},
{
"name": "5165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5165"
},
{
"name": "27908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.org/forums/viewtopic.php?id=18460",
"refsource": "CONFIRM",
"url": "http://punbb.org/forums/viewtopic.php?id=18460"
},
{
"name": "29043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29043"
},
{
"name": "http://sektioneins.de/advisories/SE-2008-01.txt",
"refsource": "MISC",
"url": "http://sektioneins.de/advisories/SE-2008-01.txt"
},
{
"name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"refsource": "OSVDB",
"url": "http://osvdb.org/45561"
},
{
"name": "20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488408/100/200/threaded"
},
{
"name": "5165",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5165"
},
{
"name": "27908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1484",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1485 (GCVE-0-2008-1485)
Vulnerability from cvelistv5 – Published: 2008-03-24 23:00 – Updated: 2024-08-07 08:24
Summary
Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/29043 | third-party-advisory, x_refsource_SECUNIA |
| http://punbb.org/download/changelogs/1.2.16_to_1.… | x_refsource_CONFIRM |
| http://osvdb.org/45561 | vdb-entry, x_refsource_OSVDB |
Date Public
2008-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-01T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29043"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29043"
},
{
"name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"refsource": "OSVDB",
"url": "http://osvdb.org/45561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1485",
"datePublished": "2008-03-24T23:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2235 (GCVE-0-2007-2235)
Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/465338/100… | mailing-list, x_refsource_BUGTRAQ |
| http://dev.punbb.org/changeset/938 | x_refsource_CONFIRM |
| http://dev.punbb.org/changeset/934 | x_refsource_CONFIRM |
| http://www.acid-root.new.fr/advisories/13070411.txt | x_refsource_MISC |
| http://secunia.com/advisories/24843 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/2613 | third-party-advisory, x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/1362 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/465400/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"name": "http://dev.punbb.org/changeset/938",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/938"
},
{
"name": "http://dev.punbb.org/changeset/934",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/934"
},
{
"name": "http://www.acid-root.new.fr/advisories/13070411.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2235",
"datePublished": "2007-04-25T15:00:00.000Z",
"dateReserved": "2007-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:27.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2236 (GCVE-0-2007-2236)
Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://dev.punbb.org/changeset/937 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/465338/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.acid-root.new.fr/advisories/13070411.txt | x_refsource_MISC |
| http://secunia.com/advisories/24843 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/2613 | third-party-advisory, x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/1362 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/465400/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:27.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/937"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/937"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.punbb.org/changeset/937",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/937"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"name": "http://www.acid-root.new.fr/advisories/13070411.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "24843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24843"
},
{
"name": "2613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "ADV-2007-1362",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1362"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2236",
"datePublished": "2007-04-25T15:00:00.000Z",
"dateReserved": "2007-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:27.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2234 (GCVE-0-2007-2234)
Vulnerability from cvelistv5 – Published: 2007-04-25 15:00 – Updated: 2024-08-07 13:33
Summary
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/465338/100… | mailing-list, x_refsource_BUGTRAQ |
| http://dev.punbb.org/changeset/933 | x_refsource_CONFIRM |
| http://www.acid-root.new.fr/advisories/13070411.txt | x_refsource_MISC |
| http://securityreason.com/securityalert/2613 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/465400/100… | mailing-list, x_refsource_BUGTRAQ |
Date Public
2007-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.punbb.org/changeset/933"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.punbb.org/changeset/933"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "2613",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070411 PunBB \u003c= 1.2.14 Remote Code Execution (Exploit)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465338/100/100/threaded"
},
{
"name": "http://dev.punbb.org/changeset/933",
"refsource": "CONFIRM",
"url": "http://dev.punbb.org/changeset/933"
},
{
"name": "http://www.acid-root.new.fr/advisories/13070411.txt",
"refsource": "MISC",
"url": "http://www.acid-root.new.fr/advisories/13070411.txt"
},
{
"name": "2613",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2613"
},
{
"name": "20070411 PunBB \u003c= 1.2.14 Multiple Vulnerabilities (Advisory)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465400/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2234",
"datePublished": "2007-04-25T15:00:00.000Z",
"dateReserved": "2007-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:33:28.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}