CVE-2006-0102

CVE-2006-0102 affects TinyPHPForum (TPF) 3.6 and earlier. The issue is a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script through a javascript: scheme in an "[a]" bbcode tag, possibly via the txt parameter to action.php. The NVD description conf...

CVE-2006-0103

CVE-2006-0103 affects TinyPHPForum 3.6 and earlier. The issue is improper access control that stores the files users/[USERNAME].hash and users/[USERNAME].email under the web root, enabling remote attackers to list registered users and possibly obtain other sensitive information. The NVD entry cor...

CVE-2006-0104

CVE-2006-0104 describes a directory traversal vulnerability in TinyPHPForum 3.6 and earlier. The issue enables remote attackers to perform actions such as creating a new user account, creating a new topic, or viewing another user’s profile by manipulating the uname parameter in profile.php. The a...

CVE-2006-1898

CVE-2006-1898 describes multiple cross-site scripting (XSS) vulnerabilities in TinyPHPForum (TPF) 3.6 and earlier. The flaws allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in the profile.php view action and (2) a login name. The documents do not provide ...