12 matches found
CVE-2005-0677
CVE-2005-0677 affects Zorum 3.5 where the file index.php allows remote attackers to perform certain actions as other users by modifying the id parameter. The underlying issue is parameter manipulation that enables privilege escalation within the application, leading to actions executed with anoth...
CVE-2002-2350
CVE-2002-2350 involves an XSS vulnerability in Zorum 2.4. The affected code path is z_user_show.php within dbtreelistproperty_method.php, where the classifier parameter can be manipulated to inject arbitrary script or HTML. Exploitation details are not provided beyond the XSS claim; no exploit sp...
CVE-2005-4619
CVE-2005-4619 affects Zorum Forum 3.5 and earlier (index.php showhtmllist) where the rollid parameter is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands. This is documented as a SQL injection vulnerability in Zorum/phpoutsourcing code; no patch/version det...
CVE-2005-0675
CVE-2005-0675 affects Zorum 3.5. A cross-site scripting (XSS) vulnerability exists in index.php, exploitable via the list or frommethod parameters to inject arbitrary script/HTML. This is a remote, unauthenticated vector with impact limited to client-side script execution; no remediation details ...
CVE-2005-2651
CVE-2005-2651 affects Zorum 3.5: gorum/prod.php allows remote code execution via shell metacharacters in argv. Attacker-controlled input enables arbitrary commands; impact on confidentiality, integrity, and availability is noted as PARTIAL. The connected sources provide exploit-style details (e.g...
CVE-2003-1089
CVE-2003-1089 affects Zorum 3.4. The issue arises in index.php, where invalid parameter names trigger a PHP error message that reveals the full path to the web root. This path disclosure is the primary impact described in the available records; no exploitation steps or active exploit code are pro...
CVE-2006-5431
CVE-2006-5431 describes a PHP remote file inclusion flaw in gorum/dbproperty.php of PHPOutsourcing Zorum 3.5 and earlier, allowing an attacker to place a URL in the appDirName parameter to execute arbitrary PHP code. The vulnerability affects the app’s handling of the appDirName input and can lea...
CVE-2005-0676
CVE-2005-0676 affects Zorum 3.5. The vulnerability is in index.php via the search capability, where remote attackers can trigger an SQL error and potentially inject arbitrary SQL commands. The provided documents confirm the affected software and the underlying issue is an SQL injection/error cond...
CVE-2006-3332
CVE-2006-3332 is a SQL injection vulnerability in Zorum Forum 3.5 affecting index.php. The flaw allows remote attackers to inject SQL commands via six parameters: offset, tid, fromid, sortby, fromfrommethod, and fromfromlist. The underlying issue is unsafe handling/concatenation of user-supplied ...
CVE-2006-3333
The CVE-2006-3333 entry describes a cross-site scripting (XSS) vulnerability in Zorum Forum 3.5, specifically in index.php. The flaw allows remote attackers to inject web script or HTML through multiple unspecified parameters (notably frommethod, list, and method) which are reflected in an error ...
CVE-2005-2652
CVE-2005-2652 affects Zorum 3.5. The vulnerability permits remote attackers to obtain the full installation path by directly requesting any of these pages: gorum/notification.php, user.php, attach.php, blacklist.php, zorum/forum.php, globalstat.php, gorum/trace.php, gorum/badwords.php, or gorum/f...
CVE-2003-1088
CVE-2003-1088 describes a cross-site scripting (XSS) vulnerability in the index.php component of Zorum 3.4 and 3.5. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted value to the method parameter. The public descriptions indicate user-provided input i...