16 matches found
EUVD-2006-2819
Malware in sbrugna...
EUVD-2006-2924
Malware in sbrugna...
Improper access control
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for private/CAForum.mdb. NOTE: some of these details are obtained from third party...
CVE-2008-5932
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for private/CAForum.mdb. NOTE: some of these details are obtained from third party...
CVE-2008-5932
The CVE refers to CodeAvalanche FreeForum with an improper access control flaw that exposes the web root _private/CAForum.mdb, allowing remote attackers to download the database file containing passwords. The affected component is the forum software; the underlying cause is insufficient access co...
CVE-2008-5932
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for private/CAForum.mdb. NOTE: some of these details are obtained from third party...
CodeAvalanche FreeForum - Database Disclosure
CodeAvalanche FreeForum - Database Disclosure FreeForum Database Disclosure Vulnerability © Ghost Hacker - REAL-H.COM Author : Ghost Hacker Homepage : http://Real-h.com Contact Me : Ghost-r00tatHotmaildotcom Name Script : FreeForum Download :...
CodeAvalanche FreeForum - Database Disclosure
FreeForum Database Disclosure Vulnerability © Ghost Hacker - REAL-H.COM Author : Ghost Hacker Homepage : http://Real-h.com Contact Me : Ghost-r00tatHotmaildotcom Name Script : FreeForum Download : http://www.truecontent.info/codeavalanche/asp-forum-script.php Exploit...
CodeAvalanche FreeForum (CAForum.mdb) Database Disclosure Vuln
Exploit for unknown platform in category web applications ======================================================================= CodeAvalanche FreeForum CAForum.mdb Database Disclosure Vulnerability ======================================================================= FreeForum Database...
CVE-2006-2927
Multiple cross-site scripting XSS vulnerabilities in post.asp in CodeAvalanche FreeForum aka CAForum 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 msgsubject and 2 msgbody parameters. NOTE: The provenance of this information is unknown; the details are obtained solel...
CVE-2006-2927
Multiple cross-site scripting XSS vulnerabilities in post.asp in CodeAvalanche FreeForum aka CAForum 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 msgsubject and 2 msgbody parameters. NOTE: The provenance of this information is unknown; the details are obtained solel...
CVE-2006-2927
The CVE-2006-2927 entry concerns CodeAvalanche FreeForum (aka CAForum) 1.0, where multiple XSS vulnerabilities exist in post.asp. The affected component is the post.asp handler; the vulnerability allows an attacker to inject arbitrary script or HTML via the msg_subject or msg_body parameters. The...
Sql injection
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum aka CAForum 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2006-2822
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum aka CAForum 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2006-2822
CVE-2006-2822 describes a SQL injection in CodeAvalanche FreeForum 1.0 (admin/default.asp) that allows remote attackers to run arbitrary SQL via the password parameter. The NVD record assigns a CVSS v2 base score of 7.5 (HIGH) with network attack vector and no authentication, indicating potential...
CVE-2006-2822
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum aka CAForum 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...