4 matches found
Design/Logic Flaw
admin/setup.php in Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to read and modify configuration settings via a direct request...
Information disclosure
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
CVE-2007-3191
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
CVE-2007-3190
CVE-2007-3190 involves multiple SQL injection flaws in Just For Fun Network Management System (JFFNMS) 0.8.3, specifically in auth.php. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the user and pass parameters when magic_quotes_gpc is disabled. Public advisorie...