CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2004-1938 – Phorum 3.4.x - Phorum_URIAuth SQL Injection
https://notcve.org/view.php?id=CVE-2004-1938
19 Apr 2004 — SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. • https://www.exploit-db.com/exploits/24016 •
CVSS: 6.1EPSS: 1%CPEs: 29EXPL: 3CVE-2004-1822 – Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1822
15 Mar 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. • https://www.exploit-db.com/exploits/23819 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0035
https://notcve.org/view.php?id=CVE-2004-0035
20 Jan 2004 — SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. Vulnerabilidad de inyección de SQL en register.php de Phorum 3.4.5 y anteriores permite a atacantes remotos ejecutar comandos SLQ arbitrarios mediante el parámetro hide_email. • http://marc.info/?l=bugtraq&m=107340481804110&w=2 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0034
https://notcve.org/view.php?id=CVE-2004-0034
08 Jan 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. Múltiples vulneravilidades de secuencias de comandos en sitios cruzados (XSS) en Phorum 3.4.5 y anteriores pemite a atacantes inyectar código HTML o script web arbitrario mediante la función phorum_check_xss en common.php, la variabl... • http://marc.info/?l=bugtraq&m=107340481804110&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2003-1465
https://notcve.org/view.php?id=CVE-2003-1465
31 Dec 2003 — Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. • http://securityreason.com/securityalert/3288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2003-1466
https://notcve.org/view.php?id=CVE-2003-1466
31 Dec 2003 — Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php. • http://securityreason.com/securityalert/3288 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
31 Dec 2003 — Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1486
https://notcve.org/view.php?id=CVE-2003-1486
31 Dec 2003 — Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. • http://securityreason.com/securityalert/3288 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 8%CPEs: 3EXPL: 0CVE-2003-1487
https://notcve.org/view.php?id=CVE-2003-1487
31 Dec 2003 — Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. • http://securityreason.com/securityalert/3288 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0283 – Phorum 3.4.x - 'Message Form' HTML Injection
https://notcve.org/view.php?id=CVE-2003-0283
14 May 2003 — Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. Vulnerabilidad de secuencias de comandos en sitios cruzados en Phorum anterior a la 3.4.3 permite que atacantes remotos inyecten script web arbitrario y tags HTML mediante un mensaje con una "<<" anterior a un nombre de etiqueta en (1) asunto, (2) nombre de autor, ó (3) d... • https://www.exploit-db.com/exploits/22579 •