CVSS: 10.0 • EPSS: 2% • CPEs: 3 • EXPL: 0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7574 http://www.securityfocus.com/bid/7578 http://www.securityfocus.com/bid/7579 https://exchange.xforce.ibmcloud.com/vulnerabilities/12500 • CWE-20: Improper Input Validation •

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 2

Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7569 https://exchange.xforce.ibmcloud.com/vulnerabilities/12482 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. • https://www.exploit-db.com/exploits/22579 http://marc.info/?l=bugtraq&m=105251043821533&w=2 http://marc.info/?l=bugtraq&m=105251421925394&w=2 http://www.securityfocus.com/bid/7545 https://exchange.xforce.ibmcloud.com/vulnerabilities/11974 •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. • http://marc.info/?l=vuln-dev&m=102121925428844&w=2 http://www.ifrance.com/kitetoua/tuto/5holes5.txt http://www.phorum.org/changelog.txt http://www.securityfocus.com/bid/4739 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 • EPSS: 81% • CPEs: 1 • EXPL: 2

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. • https://www.exploit-db.com/exploits/21459 http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html http://www.iss.net/security_center/static/9107.php http://www.phorum.org http://www.securityfocus.com/bid/4763 •