Lucene search
+L

150 matches found

NVD
NVD
added 2013/08/16 5:55 p.m.14 views

CVE-2013-5309

Cross-site scripting XSS vulnerability in install/forumdata/src/customfields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from...

2.6CVSS5.7AI score0.0121EPSS
Exploits1References3
Prion
Prion
added 2013/08/16 5:55 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in install/forumdata/src/customfields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from...

2.6CVSS6.2AI score0.0121EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2013/08/16 5:0 p.m.22 views

CVE-2013-5309

Cross-site scripting XSS vulnerability in install/forumdata/src/customfields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from...

5.7AI score0.0121EPSS
Exploits1References3
CVE
CVE
added 2013/08/16 5:0 p.m.43 views

CVE-2013-5309

CVE-2013-5309 affects FUDforum 3.0.4.1 and earlier. The XSS flaw resides in install/forum_data/src/custom_fields.inc.t during user registration, allowing an attacker to inject arbitrary script/HTML via a custom profile field sent to index.php. The root cause is an input handling weakness in the c...

2.6CVSS5.8AI score0.0121EPSS
Exploits1References3Affected Software2
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.103 views

PHP Code Injection in FUDforum

Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...

7.7AI score0.08829EPSS
Exploits2
0day.today
0day.today
added 2013/04/04 12:0 a.m.70 views

FUDforum 3.0.4 Code Injection Vulnerability

FUDforum version 3.0.4 suffers from an arbitrary code execution vulnerability. Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability...

7.6AI score0.08829EPSS
Exploits2
exploitpack
exploitpack
added 2013/04/03 12:0 a.m.24 views

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/04/03 12:0 a.m.58 views

FUDforum 3.0.4 Code Injection

Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...

0.3AI score0.08829EPSS
Exploits2
Exploit DB
Exploit DB
added 2013/04/03 12:0 a.m.30 views

FUDforum - Multiple Remote PHP Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary PHP code...

7.4AI score
Exploits0
htbridge
htbridge
added 2013/02/21 12:0 a.m.48 views

PHP Code Injection in FUDforum

High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...

7.1CVSS7.7AI score0.08829EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/08/29 12:0 a.m.33 views

FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution

The remote host is running FUDforum, an open source web forum written in PHP. According to its banner, the version of FUDforum installed on the remote host may allow an authenticated attacker to upload a file with arbitrary PHP code as an avatar image and later run that code subject to the...

7.5CVSS5.7AI score0.0189EPSS
Exploits0References3
NVD
NVD
added 2005/08/17 4:0 a.m.22 views

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

5CVSS6.2AI score0.01604EPSS
Exploits0References6
CVE
CVE
added 2005/08/17 4:0 a.m.62 views

CVE-2005-2600

CVE-2005-2600 is described in connected sources as a vulnerability in the tree view of FUD Forum Bulletin Board Software (also present in phpgroupware/egroupware imports) that allows remote attackers to read private posts by modifying the mid parameter. The OpenVAS entries reference this CVE with...

5CVSS6.1AI score0.01604EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2005/08/17 4:0 a.m.34 views

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

6.1AI score0.01604EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2005/08/17 4:0 a.m.28 views

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

5CVSS5.9AI score0.01604EPSS
Exploits0References1
securityvulns
securityvulns
added 2005/08/12 12:0 a.m.148 views

[Full-disclosure] Fudforum: incompletely check of user rights in tree view gaining access to all messages

Hello, We have found a security problem in the tree view of FUD Forum Bulletin Board Software http://www.fudforum.org in version 2.6.15, earlier versions maybe affected as well. Description: If a user enables tree view of messages he is able to view any message on the system, no matter he has the...

Exploits0
NVD
NVD
added 2003/04/11 4:0 a.m.15 views

CVE-2002-1421

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via 1 report.php, 2 selmsg.php, and 3 showposts.php...

7.5CVSS7.8AI score0.02129EPSS
Exploits1References4
NVD
NVD
added 2003/04/11 4:0 a.m.13 views

CVE-2002-1422

admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...

5CVSS6.7AI score0.0661EPSS
Exploits1References4
NVD
NVD
added 2003/04/11 4:0 a.m.14 views

CVE-2002-1423

tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...

5CVSS6.7AI score0.03452EPSS
Exploits1References4
CVE
CVE
added 2003/03/18 5:0 a.m.49 views

CVE-2002-1421

CVE-2002-1421 affects FUDforum prior to 2.2.0. The vulnerability is a SQL injection in three scripts—report.php, selmsg.php, and showposts.php—allowing remote attackers to perform unauthorized database operations. This is described in the CVE entry and NVD records. Affected version range is befor...

7.5CVSS8.3AI score0.02129EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder