CVE-2001-0527
Affected software: DCScripts DCForum (versions 2000 and earlier). The vulnerability arises from input handling in the registration form: an attacker can insert pipe symbols (|) and newlines into the last name, which creates an extra entry in the registration database and yields additional privile...
CVE-2000-1132
The CVE-2000-1132 entry concerns the DCForum cgforum.cgi CGI script, where a malformed forum variable allows remote attackers to read arbitrary files and to delete the script itself. This describes improper input validation in the CGI handling leading to arbitrary file read and self-deletion. No ...
CVE-2001-0436
The vulnerability CVE-2001-0436 affects DCForum 2000, specifically the dcboard.cgi CGI: remote attackers can execute arbitrary commands by uploading a Perl program to the server and referencing it via a .. in the AZ parameter. This is documented in the NVD entry for DCForum 2000 1.0 with a base s...
CVE-2001-0437
CVE-2001-0437 affects DCForum 2000 1.0: the upload_file.pl handler allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. This enables potential unauthorized file upload and abuse on affected installations. Public references corroborat...
CVE-2005-4311
DCForum 6.25 and earlier (and possibly DCForum+ 1.x) are affected by a Cross-site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary scripts via the page parameter in dcboard.php and via unspecified search parameters. Public references indicate an XSS with a CVSS...
CVE-2002-0226
CVE-2002-0226 relates to DCForum 6.x and 2000. The flaw is that retrieve_password.pl generates new passwords using a sessionID, enabling a remote attacker to request a new password for another user and calculate that user’s new password from the sessionID. The connected documents confirm the affe...