Lucene search
K

812 matches found

NVD
NVD
added 2004/12/31 5:0 a.m.14 views

CVE-2004-1723

The 1 updateuser.php and 2 forumsprune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message...

5CVSS6.1AI score0.01212EPSS
Exploits0References2
NVD
NVD
added 2004/12/31 5:0 a.m.14 views

CVE-2004-2437

SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to 1 index.php or 2 members.php, or 3 the commentid parameter to comments.php...

7.5CVSS8.4AI score0.01211EPSS
Exploits0References5
NVD
NVD
added 2004/12/31 5:0 a.m.15 views

CVE-2004-2438

Cross-site scripting XSS vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the 1 Submit News, 2 Submit Link or 3 Submit Article field...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/10/08 12:0 a.m.24 views

PHP-Fusion 4.01 Multiple Vulnerabilities

A vulnerability exists in the version of PHP-Fusion installed on the remote host that may allow an authenticated attacker to inject arbitrary SQL code due to improper validation of user-supplied input to the 'rowstart' parameter of script 'members.php' and the 'commentid' parameter of the...

7.5CVSS5.7AI score0.01211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/10/06 12:0 a.m.12 views

PHP-Fusion Database Multiple Vulnerabilities

Binary data 2352.prm...

7.5CVSS7.3AI score0.01211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.25 views

PHP-Fusion homepage address Parameter XSS

A vulnerability exists in the version of PHP-Fusion installed on the remote host that could allow an attacker to perform a cross-site scripting attack and execute arbitrary HTML and script code in the context of the user's browser. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

6AI score
Exploits0
securityvulns
securityvulns
added 2004/09/28 12:0 a.m.28 views

[SA12654] PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities

TITLE: PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities SECUNIA ADVISORY ID: SA12654 VERIFY ADVISORY: http://secunia.com/advisories/12654/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Spoofing WHERE: From remote SOFTWARE: PHP-Fusion 4.x http://secunia.com/product/3803/...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/09/28 12:0 a.m.28 views

[SA12662] PHP-Fusion "homepage address" Script Insertion Vulnerability

TITLE: PHP-Fusion "homepage address" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA12662 VERIFY ADVISORY: http://secunia.com/advisories/12662/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PHP-Fusion 4.x http://secunia.com/product/3803/ DESCRIPTIO...

1.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/23 12:0 a.m.27 views

PHP-Fusion Database Backup Disclosure

A vulnerability exists in the remote version of PHP-Fusion that may allow an attacker to obtain a dump of the remote database. PHP-Fusion has the ability to create database backups and store them on the web server, in the directory '/fusionadmin/dbbackups/'. Since there is no access control on th...

7.5CVSS5.6AI score0.06934EPSS
Exploits1References2
securityvulns
securityvulns
added 2004/08/19 12:0 a.m.29 views

Multiple vulnerabilities in PHP-FUSION

ECHOADV04$2004 --------------------------------------------------------------------------- Multiple vulnerabilities in PHP-FUSION --------------------------------------------------------------------------- Author: y3dips Date: August, 17th 2004 Location: Indonesia, Jakarta Web:...

7.5AI score
Exploits0
NVD
NVD
added 2004/08/18 4:0 a.m.20 views

CVE-2004-1724

The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusionadmin/dbbackups directory to world read/write/execute 777, which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator userna...

7.5CVSS6.5AI score0.06934EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.10 views

PHP-Fusion Database Backup Information Disclosure

Binary data 2128.prm...

7.5CVSS7.3AI score0.06934EPSS
Exploits1References1
Rows per page
Query Builder