3.0.7 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2011-3392	79	XSS	2011-09-08	2017-08-29	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
2	CVE-2011-3382	79	XSS	2011-09-08	2011-09-14	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3	CVE-2011-3381	352	CSRF	2011-09-08	2011-09-14	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
4	CVE-2010-1629	79	XSS	2010-05-19	2010-05-26	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
5	CVE-2009-0488	79	XSS	2009-02-09	2009-02-17	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6	CVE-2006-3611		Dir. Trav.	2006-07-18	2018-10-18	5.5	None	Remote	Low	???	Partial	Partial	None
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.
7	CVE-2000-1234			2000-12-31	2008-09-05	5.0	None	Remote	Low	Not required	None	Partial	None
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
8	CVE-2000-1233		Sql	2000-12-31	2008-09-05	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
9	CVE-2000-1232			2000-12-31	2008-09-05	5.0	None	Remote	Low	Not required	None	Partial	None
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.
10	CVE-2000-1231			2000-12-31	2008-09-05	5.0	None	Remote	Low	Not required	Partial	None	None
code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string.
11	CVE-2000-1230			2000-12-31	2008-09-05	5.0	None	Remote	Low	Not required	Partial	None	None
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
12	CVE-2000-1229		Dir. Trav.	2000-12-31	2008-09-05	5.0	None	Remote	Low	Not required	Partial	None	None
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
13	CVE-2000-1228			2000-12-31	2008-09-05	5.0	None	Remote	Low	Not required	None	Partial	None
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

Total number of vulnerabilities : 13 Page : 1 (This Page)