3 matches found
CVE-1999-0800
The CVE-1999-0800 issue affects Allaire Forums (2.0.4 and earlier) running in ColdFusion, where GetFile.cfm exposes a FilePath parameter that allows remote attackers to read arbitrary server files (e.g., via http://target/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini). Root cause: GetFile.cf...
CVE-2002-0108
Allaire Forums 2.0.4/2.0.5 and Forums! 3.0/3.1 allow remote authenticated users to spoof messages by modifying hidden form fields that carry the name and e-mail address. The root cause is lack of verification of user information submitted via hidden fields, enabling impersonation of other users w...
CVE-2000-0297
Allaire Forums 2.0.5 contains a vulnerability that allows remote attackers to bypass access restrictions to secure conferences by manipulating the rightAccessAllForums or rightModerateAllForums variables. The description does not specify affected versions beyond 2.0.5 and does not provide remedia...