This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
CVE Mitre reports :
PunBB 1.2.12 does not properly handle an avatar directory pathname
ending in %00, which allows remote authenticated administrative users
to upload arbitrary files and execute code, as demonstrated by a query
to admin_options.php with an avatars_dir parameter ending in %00.
NOTE: this issue was originally disputed by the vendor, but the
dispute was withdrawn on 20060926.
See also :
Update the affected package.
Risk factor :
Low / CVSS Base Score : 3.6