472 matches found
Phorum 3.x profile.php target Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and...
Phorum 5.1.20 admin.php module[] Variable Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Phorum 5.1.20 include/controlcenter/users.php Multiple Method Remote Privilege Escalation
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Phorum 5.1.20 include/admin/banlist.php delete Parameter CSRF Banlist Deletion
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Phorum 3.0.7 auth.php3 Backdoor Vulnerabililty
No description provided by source. source: http://www.securityfocus.com/bid/2274/info Phorum is a freely available, open source, popular WWW Board written by Brian Moon. It is designed to enhance the services offered on a web page, allow users to interact with one another through bulletin board...
Phorum 3.4.x Phorum_URIAuth SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10173/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. This issue may allow a remote attacker to...
Phorum 3.0.7 admin.php3 Unverified Administrative Password Change Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2271/info Phorum is a popular, free, open source software package originally written by Brian Moon. The package is designed to add chat/bulletin board style interaction between visitors of a web site. A problem with Phoru...
Phorum 3.0.7 violation.php3 Arbitrary Email Relay Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2272/info Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin board style chats...
Phorum 5.0.7 Search Script Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10822/info A cross-site scripting vulnerability is reported to affect Phorum. This issue affects the 'search.php' script. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link...
Phorum 3.x login.php HTTP_REFERER XSS
No description provided by source. source: http://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and...
Phorum 5.2 admin/badwords.php curr Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34551/info Phorum is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated...
Phorum 5.0.x FOLLOW.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11660/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. This issue allows remote attackers to...
Phorum 3.x Arbitrary File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view the any file readable by the webserver on the target host. This is due to...
Phorum 5.1.20 admin.php badwords/banlist Module SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Phorum 5.2 versioncheck.php upgrade_available Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34551/info Phorum is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
Phorum 5.1.20 admin.php Groups Module group_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
PHORUM 3.x/5.x Common.PHP Remote File Include Vulnerability
No description provided by source...
Phorum 5.1.20 pm.php Recipient Name SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Phorum 5.2 admin/users.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34551/info Phorum is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...