Filtered by vendor Punbb Subscriptions
Filtered by product Punbb Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-4688 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
CVE-2006-0865 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVE-2006-1089 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.
CVE-2006-4759 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVE-2005-3078 1 Punbb 1 Punbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.
CVE-2006-0866 1 Punbb 1 Punbb 2025-04-03 N/A
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.
CVE-2005-1051 1 Punbb 1 Punbb 2025-04-03 N/A
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.