Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
punbb punbb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-0569
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote malicious users to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
Punbb Punbb 1.2.1
1 EDB exploit
NA
CVE-2005-0571
admin_loader.php in PunBB 1.2.1 allows remote malicious users to read arbitrary files via the plugin parameter.
Punbb Punbb 1.2.1
NA
CVE-2006-2724
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
Punbb Punbb 1.2.11
NA
CVE-2005-0570
profile.php in PunBB 1.2.1 allows remote malicious users to cause a denial of service (account lockout) by setting the user's password to NULL.
Punbb Punbb 1.2.1
NA
CVE-2005-0818
Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote malicious users to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
Punbb Punbb 1.2.3
1 EDB exploit
NA
CVE-2005-4688
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an malicious user to make an address change via a hijacked login session.
Punbb Punbb 1.2.9
NA
CVE-2006-1090
register.php in PunBB 1.2.10 allows remote malicious users to cause an unspecified denial of service via a flood of new user registrations.
Punbb Punbb 1.2.10
1 EDB exploit
NA
CVE-2006-5737
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
Punbb Punbb 1.2.14
NA
CVE-2006-4759
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: ...
Punbb Punbb 1.2.12
NA
CVE-2010-0455
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote malicious users to inject arbitrary web script or HTML via the pid parameter.
Punbb Punbb 1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »