9 matches found
EUVD-2002-1441
Malware in sbrugna...
EUVD-2002-1442
Malware in sbrugna...
CVE-2002-1460
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST attachment, attachmentname, attachmentsize and attachmenttype, which allows remote attackers to read arbitrary files...
CVE-2002-1458
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including 1 From, 2 E-Mail, 3 Subject and 4 Body...
CVE-2002-1459
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including 1 From, 2 E-Mail, and 3 Subject...
CVE-2002-1458
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including 1 From, 2 E-Mail, 3 Subject and 4 Body...
CVE-2002-1459
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including 1 From, 2 E-Mail, and 3 Subject...
L-Forum Vulnerability - SQL Injection
I have discovered an SQL injection flaw in L-Forum which has a recent record upload spoofing/XSS by Ulf of security bugs. The problem this time is search.php. It doesn't properly escape the SQL data passed in by the user in the search member. I have provided a SourceForge patch for this...
Leszek Krupinski L-Forum 2.4 - Search Script SQL Injection
source: https://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php' L-Forum does not properly sanitize user input that is used as part of the search parameter in the 'search.php' file. SQL code may be...