2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ralph Capper Tiny PHP Forum TPF 3.6 allow remote attackers to inject arbitrary web script or HTML via 1 the uname parameter in a view action in profile.php and 2 a login name. NOTE: the "Access to hash password" issue is already covered by...
CVE-2006-0103
CVE-2006-0103 affects TinyPHPForum 3.6 and earlier. The issue is improper access control that stores the files users/[USERNAME].hash and users/[USERNAME].email under the web root, enabling remote attackers to list registered users and possibly obtain other sensitive information. The NVD entry cor...