3 matches found
CVE-2002-0226
retrievepassword.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user...
DCForum dcboard.cgi Multiple Vulnerabilities
The DCForum dcboard.cgi script is installed. This CGI has some well known security flaws, including one that lets an attacker execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...
DCForum 1-6 - Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/1951/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing of arbitrary files on the host which are...