SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.

Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.

SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.

SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.

Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable.

ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.

Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp.

Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Forum allows remote attackers to inject arbitrary web script or HTML via the error parameter.

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."