CVE-2003-1401 – PHP-Board 1.0 - User Password Disclosure
https://notcve.org/view.php?id=CVE-2003-1401
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
https://www.exploit-db.com/exploits/22252
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html
http://www.securityfocus.com/bid/6862
https://exchange.xforce.ibmcloud.com/vulnerabilities/11338
CWE-255: Credentials Management Errors
CVE-2003-0442 – PHP 4.x - Transparent Session ID Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
https://www.exploit-db.com/exploits/22696
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
http://marc.info/?l=bugtraq&m=105449314612963&w=2
http://marc.info/?l=bugtraq&m=105760591228031&w=2
http://shh.thathost.com/secadv/2003-05-11-php.txt
http://www.ciac.org/ciac/bulletins/n-112.shtml
http://www.debian.org/security/2003/dsa-351
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
http://www.osvdb.org/4758
http://www.redhat
CVE-2002-2322
https://notcve.org/view.php?id=CVE-2002-2322
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
http://www.iss.net/security_center/static/10300.php
http://www.securityfocus.com/bid/5858
CWE-20: Improper Input Validation
CVE-2002-1821
https://notcve.org/view.php?id=CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
http://securitytracker.com/id?1005198
http://www.securityfocus.com/bid/5666
CVE-2002-1820
https://notcve.org/view.php?id=CVE-2002-1820
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."
http://www.iss.net/security_center/static/9972.php
http://www.securityfocus.com/archive/1/289417
http://www.securityfocus.com/bid/5580
CWE-178: Improper Handling of Case Sensitivity