14 matches found
EUVD-2011-3725
Malware in sbrugna...
EUVD-2000-1214
Malware in sbrugna...
EUVD-2004-2235
Malware in sbrugna...
CVE-2011-3381
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Design/Logic Flaw
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module parameter...
Phorum < 5.1.19 register.php XSS
Binary data 3898.prm...
CVE-2006-3053
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUMhttppath parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of...
Phorum 3.4 Cross Site Scripting
Description: It is possible to insert javascript code in a message and execute it. 1. go to a phorum 2. click on new topic 3. enter any name 4. enter any email 5. enter a title in the way like this "scriptalert "Vulnerable";/script 6. enter any text 7. click the preview button 8. click the send...
Holes in PHP Phorum
An incorrect PHP file can be specified for execution; the forum administrator is able to insert their own PHP script...
Phorum Discussion Board Security Bug (Email Disclosure)
Concerning latest Phorum version 3.3.2 A bug in the PHP based forum script Phorum makes it possible to obtain the email addresses of the 10 most active users. In the 'admin/' directory of the forum there is a script called 'stats.php' that allows administrators and anyone else, since there is no...
PHP Phorum quick fix
The major problem in Phorum, if all else is secured with the admin area off limits to anyone, seems to be the reading of local server files. In that last email on this in the correspondence part you can see the following... snip Hi jason, The fix that is provided in Phorum's site doesn't...
Phorum 3.x - Arbitrary File Read
source: https://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view any file readable by the webserver on the target host. This is due to user-supplied input being referenced a...
Phorum 3.x - PHP Configuration Disclosure
source: https://www.securityfocus.com/bid/1985/info Phorum is a PHP based web forums package. Due to an error in the implementation of forum selection in administrative scripts, any user can view any PHP script on the target host. This is due to user-supplied input being referenced as a...
Phorum 3.x - PHP Configuration Disclosure
Phorum 3.x - PHP Configuration Disclosure source: https://www.securityfocus.com/bid/1985/info Phorum is a PHP based web forums package. Due to an error in the implementation of forum selection in administrative scripts, any user can view any PHP script on the target host. This is due to...