Unpatched in all versions-including the latest 2.019 version-of phpbb
1. phpBB "gen_rand_string()" Predictable RNG Weakness:
can be exploited by malicious people to change other user's passwords. Successful exploitation requires knowledge of a user's username and e-mail address.
http://secunia.com/advisories/18727/
2. phpBB "Referer" Header Session ID Disclosure:
can be exploited by malicious people to disclose sensitive information. This can e.g. be exploited to disclose the administrator's session ID by tricking the administrator into viewing a malicious user's profile containing an external avatar image. Successful exploitation may open up for various cross-site request forgery and cross-site scripting attack
http://secunia.com/advisories/18693/
3. phpBB "Allow HTML" Script Insertion Security Issue:
can be exploited by malicious people to conduct script insertion attacks. The security issue was inadequate fixed in version 2.0.19. It has been confirmed that it is possible to bypass the fix by using single-quote characters instead of double-quote characters
There are 53 other security vulnerabilities that affect earlier versions of phpbb:
http://secunia.com/search/?search=phpbb
SMART ADVICE FOR "CrapwareBB" users: use different forum software. PHPBB has been a security nightmare for 5 years.
sucks
v. sucked, suck·ing, suck
v. intr.
1. To draw something in by or as if by suction: felt the drain starting to suck.
2. To draw nourishment; suckle.
3. To make a sound caused by suction.
4. Vulgar Slang. To be disgustingly disagreeable or offensive.
5. Vulgar Slang. To emulate phpBB's security problems
n.
1. The act or sound of sucking.
2. Suction.
3. Something drawn in by sucking.
4. phpBB
