Oval Definition: oval:org.mitre.oval:def:8028
Revision Date: 2014-06-23
Version: 18
Title: DSA-1488 phpbb2 -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in phpBB, a web-based bulletin board. The Common Vulnerabilities and Exposures project identifies the following problems:
  • Private messaging allowed cross-site request forgery, making it possible to delete all private messages of a user by sending them to a crafted web page.
  • Cross-site request forgery enabled an attacker to perform various actions on behalf of a logged-in user. (Applies to sarge only.)
  • A negative start parameter could allow an attacker to create invalid output. (Applies to sarge only.)
  • Redirection targets were not fully checked, leaving room for unauthorised external redirections via a phpBB forum. (Applies to sarge only.)
  • An authenticated forum administrator may upload files of any type by using specially crafted filenames. (Applies to sarge only.)
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2006-4758, CVE-2006-6508, CVE-2006-6839, CVE-2006-6840, CVE-2006-6841, CVE-2008-0471, DSA-1488
Platform(s): Debian GNU/Linux 3.1, Debian GNU/Linux 4.0
Product(s): phpbb2
Definition Synopsis
  • Release section
    • Debian GNU/Linux 4.0 is installed
    • AND Installed architecture is all
    • AND Packages section
      • phpbb2-languages is earlier than 2.0.21-7
      • OR phpbb2 is earlier than 2.0.21-7
      • OR phpbb2-conf-mysql is earlier than 2.0.21-7
  • OR Release section
    • Debian GNU/Linux 3.1 is installed
    • AND Installed architecture is all
    • AND Packages section
      • phpbb2 is earlier than 2.0.13-6sarge4
      • OR phpbb2-languages is earlier than 2.0.13-6sarge4
      • OR phpbb2-conf-mysql is earlier than 2.0.13-6sarge4