RSS   Vulnerabilities for 'Openforum'   RSS

2009-08-25
 
CVE-2008-7066

 

 
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.

 
2007-01-05
 
CVE-2007-0076

CWE-Other
 

 
Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.

 
2006-06-30
 
CVE-2006-3321

 

 
Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.

 

 >>> Vendor: 2enetworx 2 Products
Openforum
Statcountex


Copyright 2024, cxsecurity.com

 

Back to Top