Lucene search
K
JffnmsJust For Fun Network Management System

5 matches found

CVE
CVE
added 2007/06/12 11:0 p.m.58 views

CVE-2007-3191

The vulnerability CVE-2007-3191 affects Just For Fun Network Management System (JFFNMS) version 0.8.3, where a direct request to admin/adm/test.php triggers phpinfo and exposes configuration information. Public sources among connected documents cite Debian’s DSA-1374-1 and the related Nessus/Open...

9.4CVSS6.1AI score0.08383EPSS
CVE
CVE
added 2007/06/12 11:0 p.m.53 views

CVE-2007-3189

The CVE-2007-3189 entry relates to a Cross-site scripting (XSS) vulnerability in JFFNMS 0.8.3, where an attacker can inject script via the user parameter in auth.php. Affected product: Just For Fun Network Management System (JFFNMS) 0.8.3. Impact: remote script/HTML injection as described. Remedi...

4.3CVSS5.5AI score0.03971EPSS
CVE
CVE
added 2007/06/12 11:0 p.m.50 views

CVE-2007-3190

CVE-2007-3190 involves multiple SQL injection flaws in Just For Fun Network Management System (JFFNMS) 0.8.3, specifically in auth.php. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via the user and pass parameters when magic_quotes_gpc is disabled. Public advisorie...

6.8CVSS8.2AI score0.01448EPSS
CVE
CVE
added 2007/06/12 11:0 p.m.49 views

CVE-2007-3192

CVE-2007-3192 affects Just For Fun Network Management System (JFFNMS) 0.8.3. The issue allows remote attackers to read and modify configuration settings via direct requests to admin/setup.php, bypassing login restrictions. Debian advisories (DSA-1374-1) note fixes in jffnms 0.8.3dfsg.1-2.1etch1 (...

9.4CVSS6.3AI score0.03556EPSS
CVE
CVE
added 2007/06/12 11:0 p.m.42 views

CVE-2007-3204

CVE-2007-3204 describes an SQL injection in auth.php of JFFNMS 0.8.4-pre2 , allowing remote attackers to execute arbitrary SQL commands via the pass parameter. This vulnerability is noted to stem from an incomplete fix for CVE-2007-3190. The connected sources confirm the flaw and its relation to ...

7.5CVSS8.1AI score0.01087EPSS