150 matches found
CVE-2013-5309
Cross-site scripting XSS vulnerability in install/forumdata/src/customfields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from...
Cross site scripting
Cross-site scripting XSS vulnerability in install/forumdata/src/customfields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from...
CVE-2013-5309
Cross-site scripting XSS vulnerability in install/forumdata/src/customfields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from...
CVE-2013-5309
CVE-2013-5309 affects FUDforum 3.0.4.1 and earlier. The XSS flaw resides in install/forum_data/src/custom_fields.inc.t during user registration, allowing an attacker to inject arbitrary script/HTML via a custom profile field sent to index.php. The root cause is an input handling weakness in the c...
PHP Code Injection in FUDforum
Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...
FUDforum 3.0.4 Code Injection Vulnerability
FUDforum version 3.0.4 suffers from an arbitrary code execution vulnerability. Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability...
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input...
FUDforum 3.0.4 Code Injection
Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...
FUDforum - Multiple Remote PHP Code Injection Vulnerabilities
source: https://www.securityfocus.com/bid/58845/info FUDforum is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Attackers may exploit these issues to execute arbitrary PHP code...
PHP Code Injection in FUDforum
High-Tech Bridge Security Research Lab discovered vulnerability in FUDforum, which can be exploited to execute arbitrary PHP code on the target system. 1 PHP Code Injection in FUDforum: CVE-2013-2267 The vulnerability exists due to insufficient validation of HTTP POST parameters "regexstr",...
FUDforum < 2.7.1 Avatar Upload Extension Validation Weakness Arbitrary Code Execution
The remote host is running FUDforum, an open source web forum written in PHP. According to its banner, the version of FUDforum installed on the remote host may allow an authenticated attacker to upload a file with arbitrary PHP code as an avatar image and later run that code subject to the...
CVE-2005-2600
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...
CVE-2005-2600
CVE-2005-2600 is described in connected sources as a vulnerability in the tree view of FUD Forum Bulletin Board Software (also present in phpgroupware/egroupware imports) that allows remote attackers to read private posts by modifying the mid parameter. The OpenVAS entries reference this CVE with...
CVE-2005-2600
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...
CVE-2005-2600
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...
[Full-disclosure] Fudforum: incompletely check of user rights in tree view gaining access to all messages
Hello, We have found a security problem in the tree view of FUD Forum Bulletin Board Software http://www.fudforum.org in version 2.6.15, earlier versions maybe affected as well. Description: If a user enables tree view of messages he is able to view any message on the system, no matter he has the...
CVE-2002-1421
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via 1 report.php, 2 selmsg.php, and 3 showposts.php...
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
CVE-2002-1423
tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...
CVE-2002-1421
CVE-2002-1421 affects FUDforum prior to 2.2.0. The vulnerability is a SQL injection in three scripts—report.php, selmsg.php, and showposts.php—allowing remote attackers to perform unauthorized database operations. This is described in the CVE entry and NVD records. Affected version range is befor...