150 matches found
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
CVE-2002-1423
tmpview.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter...
CVE-2002-1422
The CVE-2002-1422 issue affects FUDforum prior to 2.2.0. Vulnerable component: admbrowse.php. Root cause: the cur and dest parameters allow URL-encoded pathnames to be used in a way that enables remote attackers to create or delete files. Impact: file creation/deletion via the web interface, with...
CVE-2002-1423
The CVE-2002-1423 issue concerns FUDforum, where tmp_view.php before version 2.2.0 allows remote attackers to read arbitrary files through an absolute pathname supplied in the file parameter. The underlying vulnerability is a path traversal/unsafe file inclusion in the tmp_view.php handler, enabl...
CVE-2002-1421
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via 1 report.php, 2 selmsg.php, and 3 showposts.php...
FUDforum file access and SQL Injection
FUDforum file access and SQL Injection PROGRAM: FUDforum VENDOR: Advanced Internet Designs Inc. [email protected] HOMEPAGE: http://fud.prohost.org/ VULNERABLE VERSIONS: 2.0.2, possibly others IMMUNE VERSIONS: 2.2.0 and above LOGIN REQUIRED: no some issues, admin some issues SEVERITY: medium...
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Disclosure
source: https://www.securityfocus.com/bid/5501/info Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By simply making malicious requests via URI parameters, an...
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Modification
source: https://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate create, modify etc. files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is the result of FUDForum allowing...
Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Modification
Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Modification source: https://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate create, modify etc. files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php'...
Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Disclosure
Ilia Alshanetsky FUDForum 1.2.81.9.82.0.2 - File Disclosure source: https://www.securityfocus.com/bid/5501/info Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By...