Filtered by vendor Punbb Subscriptions
Filtered by product Punbb Subscriptions

Search

Switch to Advanced Search (Beta)
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1089 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
CVE-2005-1051 1 Punbb 1 Punbb 2025-04-03 N/A
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.
CVE-2006-4759 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVE-2005-0818 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
CVE-2005-4688 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
CVE-2006-2724 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
CVE-2006-0865 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.