Show filters
13 Total Results
Displaying 1-10 of 13
Sort by:
Attacker Value
Unknown

CVE-2011-3392

Disclosure Date: September 08, 2011 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
0
0
Attacker Value
Unknown

CVE-2011-3382

Disclosure Date: September 08, 2011 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2011-3381

Disclosure Date: September 08, 2011 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
0
0
Attacker Value
Unknown

CVE-2010-1629

Disclosure Date: May 19, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
0
0
Attacker Value
Unknown

CVE-2009-0488

Disclosure Date: February 09, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2006-3611

Disclosure Date: July 18, 2006 (last updated October 04, 2023)
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.
0
0
Attacker Value
Unknown

CVE-2000-1234

Disclosure Date: December 31, 2000 (last updated February 22, 2025)
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
0
0
Attacker Value
Unknown

CVE-2000-1228

Disclosure Date: December 31, 2000 (last updated February 22, 2025)
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
0
0
Attacker Value
Unknown

CVE-2000-1230

Disclosure Date: December 31, 2000 (last updated February 22, 2025)
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
0
0
Attacker Value
Unknown

CVE-2000-1232

Disclosure Date: December 31, 2000 (last updated February 22, 2025)
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.
0
0
View More Topics  Next >