Filtered by vendor Punbb Subscriptions
Filtered by product Punbb Subscriptions

Search

Switch to Advanced Search (Beta)
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-0818 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
CVE-2005-1072 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML.
CVE-2005-3078 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.
CVE-2005-4687 2 F-art Agency, Punbb 2 Blog Cms, Punbb 2025-04-03 N/A
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVE-2005-3328 1 Punbb 1 Punbb 2025-04-03 N/A
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
CVE-2006-2724 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
CVE-2006-4759 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.