19 matches found
EUVD-2009-4374
Malware in sbrugna...
EUVD-2009-4375
Malware in sbrugna...
EUVD-2009-4983
Malware in sbrugna...
CVE-2009-5025
A backdoor aka BMSA-2009-07 was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user...
CVE-2009-5025
A backdoor aka BMSA-2009-07 was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user...
Design/Logic Flaw
A backdoor aka BMSA-2009-07 was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user...
CVE-2009-5025
A backdoor aka BMSA-2009-07 was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user...
CVE-2009-5025
Technical details about CVE-2009-5025 are not publicly available in the provided connected documents. Monitoring for updates is advised.
CVE-2009-5025
A backdoor aka BMSA-2009-07 was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...
CVE-2009-4407
Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...
CVE-2009-4408
Multiple cross-site scripting XSS vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode 1 img or 2 url tags, which are not properly handled when a post is viewed...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode 1 img or 2 url tags, which are not properly handled when a post is viewed...
CVE-2009-4407
Multiple cross-site request forgery CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors...
CVE-2009-4408
CVE-2009-4408 affects PyForum 1.0.3 (and possibly earlier versions) and possibly zForum, via the models.parser component. The root cause is improper handling of crafted BBCode (img and url tags) in posts, allowing remote XSS when a post is viewed. Publicly available references confirm multiple XS...
CVE-2009-4408
Multiple cross-site scripting XSS vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode 1 img or 2 url tags, which are not properly handled when a post is viewed...
CVE-2009-4407
CVE-2009-4407 involves multiple CSRF vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum. The vulnerabilities allow remote attackers to hijack a victim’s authenticated session to perform state-changing requests (e.g., password changes) and other unspecified actions...
[BMSA-2009-08] Multiple Vulnerabilities in PyForum
BLUE MOON SECURITY ADVISORY 2009-08 =================================== :Title: Multiple Vulnerabilities in PyForum :Severity: Critical :Reporter: Hoang Quoc Thinh and Blue Moon Consulting :Products: PyForum v1.0.3 :Fixed in: -- Description ----------- PyForum is a 100 python-based message board...
[BMSA-2009-07] Backdoor in PyForum
BLUE MOON SECURITY ADVISORY 2009-07 =================================== :Title: Backdoor in PyForum :Severity: Critical :Reporter: Blue Moon Consulting :Products: PyForum v1.0.3 :Fixed in: -- Description ----------- pyForum is a 100 python-based message board system based in the excellent web2py...