CVE-2011-3382
https://notcve.org/view.php?id=CVE-2011-3382
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Phorum antes de v5.2.16, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN71435255/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068 http://www.phorum.org/phorum5/read.php?64%2C147504 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1629
https://notcve.org/view.php?id=CVE-2010-1629
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en versiones de Phorum anteriores a la v5.2.15, permite a atacantes remotos inyectar código web o HTML de su elección a través de una dirección de correo inválida. • http://osvdb.org/64759 http://www.facebook.com/note.php?note_id=371190874581 http://www.openwall.com/lists/oss-security/2010/05/16/2 http://www.openwall.com/lists/oss-security/2010/05/18/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0488
https://notcve.org/view.php?id=CVE-2009-0488
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Phorum anterior a v5.2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores sin especificar. • http://www.phorum.org/phorum5/read.php?64%2C136129 http://www.securityfocus.com/bid/33657 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-1486
https://notcve.org/view.php?id=CVE-2008-1486
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. Una vulnerabilidad de inyección SQL en Phorum versiones anteriores a 5.2.6, cuando la función mysql_use_ft está deshabilitado, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de la búsqueda sin texto completo. • http://secunia.com/advisories/29519 http://www.phorum.org/phorum5/read.php?64%2C126815%2C126815 http://www.securityfocus.com/bid/28540 https://exchange.xforce.ibmcloud.com/vulnerabilities/41418 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-2338 – Phorum 5.1.20 - '/include/admin/banlist.php?delete' Cross-Site Request Forgery Banlist Deletion
https://notcve.org/view.php?id=CVE-2007-2338
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en include/admin/banlist.php en Phorum anterior a 5.1.22 permite a atacantes remotos realizar borrados de la banlist no autorizados como administrador a través del parámetro delete. • https://www.exploit-db.com/exploits/29891 http://osvdb.org/35061 http://secunia.com/advisories/24932 http://securityreason.com/securityalert/2617 http://securitytracker.com/id?1017936 http://www.phorum.org/story.php?76 http://www.securityfocus.com/archive/1/466286/100/0/threaded http://www.securityfocus.com/bid/23616 http://www.vupen.com/english/advisories/2007/1479 http://www.waraxe.us/advisory-49.html https://exchange.xforce.ibmcloud.com/vulnerabilities/34078 •