CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2003-1465
https://notcve.org/view.php?id=CVE-2003-1465
31 Dec 2003 — Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. • http://securityreason.com/securityalert/3288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 8%CPEs: 3EXPL: 0CVE-2003-1487
https://notcve.org/view.php?id=CVE-2003-1487
31 Dec 2003 — Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. • http://securityreason.com/securityalert/3288 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
31 Dec 2003 — Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2003-1466
https://notcve.org/view.php?id=CVE-2003-1466
31 Dec 2003 — Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php. • http://securityreason.com/securityalert/3288 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1486
https://notcve.org/view.php?id=CVE-2003-1486
31 Dec 2003 — Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. • http://securityreason.com/securityalert/3288 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0283 – Phorum 3.4.x - 'Message Form' HTML Injection
https://notcve.org/view.php?id=CVE-2003-0283
14 May 2003 — Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. Vulnerabilidad de secuencias de comandos en sitios cruzados en Phorum anterior a la 3.4.3 permite que atacantes remotos inyecten script web arbitrario y tags HTML mediante un mensaje con una "<<" anterior a un nombre de etiqueta en (1) asunto, (2) nombre de autor, ó (3) d... • https://www.exploit-db.com/exploits/22579 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2002-2340
https://notcve.org/view.php?id=CVE-2002-2340
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. • http://marc.info/?l=vuln-dev&m=102121925428844&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 20%CPEs: 1EXPL: 2CVE-2002-0764 – Phorum 3.3.2a - Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0764
26 Jul 2002 — Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. • https://www.exploit-db.com/exploits/21459 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0352
https://notcve.org/view.php?id=CVE-2002-0352
03 May 2002 — Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication. • http://marc.info/?l=bugtraq&m=101508207206900&w=2 •
CVSS: 9.1EPSS: 3%CPEs: 1EXPL: 3CVE-2000-1234 – Phorum 3.0.7 - 'violation.php3' Arbitrary Email Relay
https://notcve.org/view.php?id=CVE-2000-1234
31 Dec 2000 — violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters. • https://www.exploit-db.com/exploits/20587 •