812 matches found
CVE-2004-1723
The 1 updateuser.php and 2 forumsprune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message...
CVE-2004-2437
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to 1 index.php or 2 members.php, or 3 the commentid parameter to comments.php...
CVE-2004-2438
Cross-site scripting XSS vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the 1 Submit News, 2 Submit Link or 3 Submit Article field...
PHP-Fusion 4.01 Multiple Vulnerabilities
A vulnerability exists in the version of PHP-Fusion installed on the remote host that may allow an authenticated attacker to inject arbitrary SQL code due to improper validation of user-supplied input to the 'rowstart' parameter of script 'members.php' and the 'commentid' parameter of the...
PHP-Fusion Database Multiple Vulnerabilities
Binary data 2352.prm...
PHP-Fusion homepage address Parameter XSS
A vulnerability exists in the version of PHP-Fusion installed on the remote host that could allow an attacker to perform a cross-site scripting attack and execute arbitrary HTML and script code in the context of the user's browser. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
[SA12654] PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities
TITLE: PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities SECUNIA ADVISORY ID: SA12654 VERIFY ADVISORY: http://secunia.com/advisories/12654/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Spoofing WHERE: From remote SOFTWARE: PHP-Fusion 4.x http://secunia.com/product/3803/...
[SA12662] PHP-Fusion "homepage address" Script Insertion Vulnerability
TITLE: PHP-Fusion "homepage address" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA12662 VERIFY ADVISORY: http://secunia.com/advisories/12662/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PHP-Fusion 4.x http://secunia.com/product/3803/ DESCRIPTIO...
PHP-Fusion Database Backup Disclosure
A vulnerability exists in the remote version of PHP-Fusion that may allow an attacker to obtain a dump of the remote database. PHP-Fusion has the ability to create database backups and store them on the web server, in the directory '/fusionadmin/dbbackups/'. Since there is no access control on th...
Multiple vulnerabilities in PHP-FUSION
ECHOADV04$2004 --------------------------------------------------------------------------- Multiple vulnerabilities in PHP-FUSION --------------------------------------------------------------------------- Author: y3dips Date: August, 17th 2004 Location: Indonesia, Jakarta Web:...
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusionadmin/dbbackups directory to world read/write/execute 777, which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator userna...
PHP-Fusion Database Backup Information Disclosure
Binary data 2128.prm...