Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
punbb punbb vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2006-2227
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote malicious users to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
Punbb Punbb 1.2.11
5.1
CVSSv2
CVE-2008-6308
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and previous versions for PunBB allow remote malicious users to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) heade...
Punbb Private Messaging System
Punbb Private Messaging System 1.2.0
Punbb Private Messaging System 1.2.1
Punbb Private Messaging System 1.2.2
1 EDB exploit
3.5
CVSSv2
CVE-2021-28968
An issue exists in PunBB prior to 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.
Gnu Punbb
5.8
CVSSv2
CVE-2007-6527
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote malicious users to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME t...
Rickard Andersson Punbb 1.3.3
7.5
CVSSv2
CVE-2009-2308
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and previous versions for PunBB allow remote malicious users to execute arbitrary SQL commands via the (1) in or (2) out parameter.
Punres Affiliates Mod
Punres Affiliates Mod 1.0.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-2787
Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and previous versions for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary...
Reputation Reputation
Reputation Reputation 2.0.4
Reputation Reputation 2.2.3
1 EDB exploit
7.5
CVSSv2
CVE-2009-2786
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and previous versions for PunBB allows remote malicious users to execute arbitrary SQL commands via the poster parameter.
Reputation Reputation
Reputation Reputation 2.0.4
Reputation Reputation 2.2.3
1 EDB exploit
5.1
CVSSv2
CVE-2008-5418
Directory traversal vulnerability in login.php in the PunPortal module prior to 2.0 for PunBB allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
Justin Roy Punportal Module 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-2276
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and previous versions for PunBB allows remote malicious users to execute arbitrary SQL commands via the out parameter.
Biglle Vote For Us Extension
Biglle Vote For Us Extension 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2006-1894
Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote malicious users to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses t...
Revoboard Revoboard 1.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5