Show filters
59 Total Results
Displaying 11-20 of 59
Sort by:
Attacker Value
Unknown

CVE-2008-4513

Disclosure Date: October 09, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.
0
0
Attacker Value
Unknown

CVE-2008-1486

Disclosure Date: March 24, 2008 (last updated October 04, 2023)
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
0
0
Attacker Value
Unknown

CVE-2007-2338

Disclosure Date: April 27, 2007 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.
0
0
Attacker Value
Unknown

CVE-2007-2339

Disclosure Date: April 27, 2007 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
0
0
Attacker Value
Unknown

CVE-2007-2250

Disclosure Date: April 25, 2007 (last updated October 04, 2023)
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
0
0
Attacker Value
Unknown

CVE-2007-2248

Disclosure Date: April 25, 2007 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
0
0
Attacker Value
Unknown

CVE-2007-2249

Disclosure Date: April 25, 2007 (last updated October 04, 2023)
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
0
0
Attacker Value
Unknown

CVE-2007-1219

Disclosure Date: March 02, 2007 (last updated October 04, 2023)
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
0
0
Attacker Value
Unknown

CVE-2007-0767

Disclosure Date: February 06, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2007-0769

Disclosure Date: February 06, 2007 (last updated November 08, 2023)
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly.
0
0
View More Topics  < Previous  Next >