Shodan
Vulnerabilities
Vulnerable Software
Punbb:  >> Punbb  Security Vulnerabilities
CVE-2006-0865
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVSS Score
5.0
EPSS Score
0.038
Published
2006-02-23
CVE-2006-0866
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.
CVSS Score
5.0
EPSS Score
0.004
Published
2006-02-23
CVE-2005-4665
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.
CVSS Score
4.3
EPSS Score
0.012
Published
2005-12-31
CVE-2005-4686
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-12-31
CVE-2005-4687
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-12-31
CVE-2005-4688
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-12-31
CVE-2005-3518
SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter.
CVSS Score
7.5
EPSS Score
0.017
Published
2005-11-06
CVE-2005-3328
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
CVSS Score
7.5
EPSS Score
0.019
Published
2005-10-27
CVE-2005-3078
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-09-27
CVE-2005-3079
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection.
CVSS Score
4.6
EPSS Score
0.005
Published
2005-09-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved