Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
CVSS Score
4.3
EPSS Score
0.005
Published
2006-03-09
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVSS Score
5.0
EPSS Score
0.038
Published
2006-02-23
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.
CVSS Score
5.0
EPSS Score
0.004
Published
2006-02-23
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-12-31
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-12-31
SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter.
CVSS Score
7.5
EPSS Score
0.017
Published
2005-11-06
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-09-27
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection.
CVSS Score
4.6
EPSS Score
0.005
Published
2005-09-27
Page 2