
Test ID: 1.3.6.1.4.1.25623.1.0.13840
Category: Web application abuses
Title: phpBB < 2.0.10 Multiple Vulnerabilities
Summary: phpBB is prone to multiple vulnerabilities.
Description:
Summary:
phpBB is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2004-0730: Multiple cross-site scripting (XSS) vulnerabilities

- CVE-2004-2054: An HTTP response splitting vulnerability that permits the injection of CRLF
characters in the HTTP headers.

- CVE-2004-2055: A flaw that allows a remote XSS attack. This flaw exists because the application
does not validate user-supplied input in the 'search_author' parameter.

Affected Software/OS:
phpBB prior to version 2.0.10.

Solution:
Update to version 2.0.10 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0730
BugTraq ID: 10738
http://www.securityfocus.com/bid/10738
Bugtraq: 20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]
http://marc.info/?l=bugtraq&m=108999024506020&w=2
http://www.waraxe.us/index.php?modname=sa&id=34
XForce ISS Database: phpbb-indexphp-xss(16724)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16724
XForce ISS Database: phpbb-lang-bbcode-xss(16726)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16726
XForce ISS Database: phpbb-lang-faq-xss(16725)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16725
Common Vulnerability Exposure (CVE) ID: CVE-2004-2054
BugTraq ID: 10753
http://www.securityfocus.com/bid/10753
Bugtraq: 20040720 PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities
http://marc.info/?l=bugtraq&m=109034476122723&w=2
http://secunia.com/advisories/12114
XForce ISS Database: phpbb-search-response-splitting(16759)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16759
Common Vulnerability Exposure (CVE) ID: CVE-2004-2055
XForce ISS Database: phpbb-search-searchauthor-xss(16758)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16758
Copyright: Copyright (C) 2005 David Maciejak
