Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
punbb punbb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-0569
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote malicious users to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
Punbb Punbb 1.2.1
1 EDB exploit
5
CVSSv2
CVE-2005-0571
admin_loader.php in PunBB 1.2.1 allows remote malicious users to read arbitrary files via the plugin parameter.
Punbb Punbb 1.2.1
6.8
CVSSv2
CVE-2006-2724
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
Punbb Punbb 1.2.11
5
CVSSv2
CVE-2005-0570
profile.php in PunBB 1.2.1 allows remote malicious users to cause a denial of service (account lockout) by setting the user's password to NULL.
Punbb Punbb 1.2.1
4.3
CVSSv2
CVE-2005-0818
Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote malicious users to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
Punbb Punbb 1.2.3
1 EDB exploit
5
CVSSv2
CVE-2005-4688
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an malicious user to make an address change via a hijacked login session.
Punbb Punbb 1.2.9
7.8
CVSSv2
CVE-2006-1090
register.php in PunBB 1.2.10 allows remote malicious users to cause an unspecified denial of service via a flood of new user registrations.
Punbb Punbb 1.2.10
1 EDB exploit
7.2
CVSSv2
CVE-2006-5737
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
Punbb Punbb 1.2.14
3.6
CVSSv2
CVE-2006-4759
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: ...
Punbb Punbb 1.2.12
4.3
CVSSv2
CVE-2010-0455
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote malicious users to inject arbitrary web script or HTML via the pid parameter.
Punbb Punbb 1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »