13 matches found
EUVD-2002-0223
Malware in sbrugna...
EUVD-2005-4306
Malware in sbrugna...
DCForum 6.0 - Remote Admin Privilege Compromise Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges an...
[UNIX] DCForum+ XSS Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
DCForum+ 1.2 - 'Subject' HTML Injection
source: https://www.securityfocus.com/bid/8384/info DCForum+ is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code in the subject field of posts to the bulletin board. This is because the script that processes posts does not...
Vulnerability in all versions of DCForum from dcscripts.com
When a user requests a new password for his account, a new password is generated and sent to the requester anyone that knows the username+email information, which is usually available in "user profile". The problem is that the password is simply the first 6 characters of the user's SessionID, whi...
DCForum Remote Admin Privilege Compromise Vulnerability
Vulnerable: DC Scripts DCForum 2000 1.0 DC Scripts DCForum 6.0 DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of...
CVE-2001-0436
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. dot dot in the AZ parameter to reference the program...
DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands source: https://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an...
Дырка в DCForum (file uploading, perl execution)
Можно загрузить и выполнить perl-приложение...
qDefense Advisory: DCForum allows remote read/write/execute
qDefense Advisory Number QDAV-5-2000-1 Product: DCForum Vendor: DCScripts www.dcscripts.com Version Tested: DCForum 2000 1.0 Severity: Any remote attacker may gain read/write/execute privilleges Cause: Failure to validate input; Trust of hidden fields; Allows uploading of arbitrary files by defau...
DCForum 1-6 - Arbitrary File Disclosure
DCForum 1-6 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/1951/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. The script improperly validates user-supplied input, which allows the remote viewing ...