79 matches found
CVE-2005-2652
Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to 1 gorum/notification.php, 2 user.php, 3 attach.php, 4 blacklist.php, 5 zorum/forum.php, 6 globalstat.php, 7 gorum/trace.php, 8 gorum/badwords.php, or 9 gorum/flood.php...
CVE-2005-2651
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter...
CVE-2005-2651
gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter...
CVE-2005-2652
Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to 1 gorum/notification.php, 2 user.php, 3 attach.php, 4 blacklist.php, 5 zorum/forum.php, 6 globalstat.php, 7 gorum/trace.php, 8 gorum/badwords.php, or 9 gorum/flood.php...
CVE-2005-2652
CVE-2005-2652 affects Zorum 3.5. The vulnerability permits remote attackers to obtain the full installation path by directly requesting any of these pages: gorum/notification.php, user.php, attach.php, blacklist.php, zorum/forum.php, globalstat.php, gorum/trace.php, gorum/badwords.php, or gorum/f...
CVE-2005-2651
CVE-2005-2651 affects Zorum 3.5: gorum/prod.php allows remote code execution via shell metacharacters in argv. Attacker-controlled input enables arbitrary commands; impact on confidentiality, integrity, and availability is noted as PARTIAL. The connected sources provide exploit-style details (e.g...
Zorum 3.5 remote code execution poc exploit
Zorum 3.5 remote code execution poc exploit software: description: Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. author site: http://zorum.phpoutsourcing.com/ 1...
PHPOutsourcing Zorum 3.5 - Prod.php Arbitrary Command Execution
PHPOutsourcing Zorum 3.5 - Prod.php Arbitrary Command Execution source: https://www.securityfocus.com/bid/14601/info Zorum is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue may facilitat...
PHPOutsourcing Zorum 3.5 - 'Prod.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14601/info Zorum is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access in the context of the Web server to...
CVE-2005-0676
index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability...
CVE-2005-0675
Cross-site scripting XSS vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the 1 list or 2 frommethod parameters...
CVE-2005-0677
index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter...
Zorum <= 3.5 Multiple Remote Vulnerabilities
The remote host is running Zorum, an open source electronic forum written in PHP. The version of Zorum installed on the remote host is prone to numerous flaws, including remote code execution, privilege escalation, and SQL injection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
phpoutsourcing zorum 3.5 - Multiple Vulnerabilities
phpoutsourcing zorum 3.5 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12777/info Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. Multiple...
Zorum < 3.6.0 Multiple Vulnerabilities
Binary data 2692.prm...
phpoutsourcing zorum 3.5 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/12777/info Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. Multiple remote vulnerabilities affect Zorum. These issues are...
CVE-2005-0676
CVE-2005-0676 affects Zorum 3.5. The vulnerability is in index.php via the search capability, where remote attackers can trigger an SQL error and potentially inject arbitrary SQL commands. The provided documents confirm the affected software and the underlying issue is an SQL injection/error cond...
CVE-2003-1089
CVE-2003-1089 affects Zorum 3.4. The issue arises in index.php, where invalid parameter names trigger a PHP error message that reveals the full path to the web root. This path disclosure is the primary impact described in the available records; no exploitation steps or active exploit code are pro...
CVE-2005-0675
CVE-2005-0675 affects Zorum 3.5. A Cross-site scripting (XSS) vulnerability exists in index.php, exploitable via the list or frommethod parameters to inject arbitrary script/HTML. This is a remote, unauthenticated vector with impact limited to client-side script execution; no remediation details ...
CVE-2005-0677
CVE-2005-0677 affects Zorum 3.5 where the file index.php allows remote attackers to perform certain actions as other users by modifying the id parameter. The underlying issue is parameter manipulation that enables privilege escalation within the application, leading to actions executed with anoth...