Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

44 matches found

Exploit DB
Exploit DBadded 2006/08/02 12:0 a.m.24 views

TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker

TinyPHPForum 3.6 Admin Maker By SirDarckCat from elhacker.net Existing User: document.forms0.action=prompt"Path to forum","http://www.server.com/tpf/"+"updatepf.php"; milw0rm.com 2006-08-02...

7AI score
Exploits0
Exploit DB
Exploit DBadded 2006/08/01 12:0 a.m.17 views

TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass

source: https://www.securityfocus.com/bid/19281/info TinyPHPForum is prone to an authentication-bypass vulnerability because it fails to prevent an attacker from accessing admin scripts directly without requiring authentication. A remote attacker can exploit this issue to perform administrative...

7.4AI score
Exploits0
exploitpack
exploitpackadded 2006/08/01 12:0 a.m.14 views

TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass

TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass source: https://www.securityfocus.com/bid/19281/info TinyPHPForum is prone to an authentication-bypass vulnerability because it fails to prevent an attacker from accessing admin scripts directly without requiring authentication. A remote...

0.5AI score
Exploits0
Exploit DB
Exploit DBadded 2006/08/01 12:0 a.m.28 views

TinyPHPForum 3.6 - 'error.php' Information Disclosure

source: https://www.securityfocus.com/bid/19278/info TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker. Information th...

7.4AI score
Exploits0
exploitpack
exploitpackadded 2006/08/01 12:0 a.m.9 views

TinyPHPForum 3.6 - error.php Information Disclosure

TinyPHPForum 3.6 - error.php Information Disclosure source: https://www.securityfocus.com/bid/19278/info TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login...

7.2AI score
Exploits0
Exploit DB
Exploit DBadded 2006/07/31 12:0 a.m.16 views

TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)

source: https://www.securityfocus.com/bid/19260/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user...

7.4AI score
Exploits0
Exploit DB
Exploit DBadded 2006/04/17 12:0 a.m.23 views

TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (1)

source: https://www.securityfocus.com/bid/17553/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed ...

7.4AI score
Exploits0
exploitpack
exploitpackadded 2006/04/17 12:0 a.m.12 views

TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (1)

TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities 1 source: https://www.securityfocus.com/bid/17553/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacke...

Exploits0
Packet Storm
Packet Stormadded 2006/01/08 12:0 a.m.19 views

EV0014.txt

New eVuln Advisory: TinyPHPForum Multiple Vulnerabilities --------------------Summary---------------- Software: TinyPHPForum Sowtware's Web Site: http://www.ralpharama.co.uk/tpf/ Versions: 3.6 and earlier Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched...

7.4AI score
Exploits0
securityvulns
securityvulnsadded 2006/01/07 12:0 a.m.30 views

[eVuln] TinyPHPForum Multiple Vulnerabilities

New eVuln Advisory: TinyPHPForum Multiple Vulnerabilities --------------------Summary---------------- Software: TinyPHPForum Sowtware's Web Site: http://www.ralpharama.co.uk/tpf/ Versions: 3.6 and earlier Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched...

0.1AI score
Exploits0
NVD
NVDadded 2006/01/06 11:3 a.m.9 views

CVE-2006-0104

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. dot dot in the uname parameter to profile.php...

5CVSS6.6AI score0.01664EPSS
Exploits1References9
NVD
NVDadded 2006/01/06 11:3 a.m.12 views

CVE-2006-0102

Cross-site scripting XSS vulnerability in TinyPHPForum TPF 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "a" bbcode tag, possibly the txt parameter to action.php...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References7
Prion
Prionadded 2006/01/06 11:3 a.m.8 views

Improper access control

TinyPHPForum 3.6 and earlier stores the 1 users/USERNAME.hash and 2 users/USERNAME.email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information...

5CVSS6.9AI score0.10152EPSS
Exploits1References9Affected Software1
Prion
Prionadded 2006/01/06 11:3 a.m.9 views

Cross site scripting

Cross-site scripting XSS vulnerability in TinyPHPForum TPF 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "a" bbcode tag, possibly the txt parameter to action.php...

4.3CVSS6.3AI score0.00675EPSS
Exploits1References7Affected Software1
Prion
Prionadded 2006/01/06 11:3 a.m.12 views

Directory traversal

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. dot dot in the uname parameter to profile.php...

5CVSS7.2AI score0.01664EPSS
Exploits1References9Affected Software1
NVD
NVDadded 2006/01/06 11:3 a.m.10 views

CVE-2006-0103

TinyPHPForum 3.6 and earlier stores the 1 users/USERNAME.hash and 2 users/USERNAME.email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information...

5CVSS6.6AI score0.10152EPSS
Exploits1References9
CVE
CVEadded 2006/01/06 11:0 a.m.40 views

CVE-2006-0104

CVE-2006-0104 describes a directory traversal vulnerability in TinyPHPForum 3.6 and earlier. The issue enables remote attackers to perform actions such as creating a new user account, creating a new topic, or viewing another user’s profile by manipulating the uname parameter in profile.php. The a...

5CVSS6.6AI score0.01664EPSS
Exploits1References9Affected Software1
CVE
CVEadded 2006/01/06 11:0 a.m.117 views

CVE-2006-0102

CVE-2006-0102 affects TinyPHPForum (TPF) 3.6 and earlier. The issue is a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script through a javascript: scheme in an "[a]" bbcode tag, possibly via the txt parameter to action.php. The NVD description conf...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References7Affected Software1
Cvelist
Cvelistadded 2006/01/06 11:0 a.m.12 views

CVE-2006-0102

Cross-site scripting XSS vulnerability in TinyPHPForum TPF 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "a" bbcode tag, possibly the txt parameter to action.php...

5.9AI score0.00675EPSS
Exploits1References7
Cvelist
Cvelistadded 2006/01/06 11:0 a.m.14 views

CVE-2006-0103

TinyPHPForum 3.6 and earlier stores the 1 users/USERNAME.hash and 2 users/USERNAME.email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information...

6.6AI score0.10152EPSS
Exploits1References9
Rows per page
Query Builder