phpHeaven phpMyChat 0.14.5 admin.php3 Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/10556/info phpHeaven phpMyChat is reported prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and design flaws. The following specific issues can affect the...

Phorum admin.php3无需验证修改管理员口令漏洞

BUGTRAQ: 2271 Phorum是一款基于PHP的WEB论坛程序，可使用在Linux和Unix操作系统下，也可使用在Microsoft Windows操作系统下。Phorum存在一个问题，远程攻击者可以访问本地系统文件。 admin.php3脚本用于安全和管理被创建的论坛。它带有口令保护，但存在漏洞可以无需访问权限修改管理员口令。一旦拥有了管理功能的访问权限，就可以进入 Master Setting 功能，在 default .langfile name 输入框输入想要访问的系统本地文件，重新载入admin.php3页面后就可以浏览这个文件的内容了。 3.0.7 and...

CVE-2004-2717

Technical details for CVE-2004-2717 are not publicly available in the provided documents; monitor for updates from Vulners and related advisories.

CVE-2000-1229

Phorum 3.0.7 is affected by a directory traversal vulnerability that allows remote Phorum administrators to read arbitrary files via dot-dot sequences in the default .langfile name field in the Master Settings admin function, causing the file to be displayed in admin.php3. The issue stems from im...

CVE-2000-0745

CVE-2000-0745 affects PHP-Nuke where admin.php3 does not properly verify the administrator password, enabling privilege escalation when a URL omits the aid/pwd parameters. Connected documents provide a detailed exploitation path: an attacker can manipulate URL parameters and the cookiedecode rout...