IDCVSSSummaryLast (major) updatePublished
CVE-2007-3204 7.5
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomple
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-3192 9.4
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-3191 9.4
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
30-10-2012 - 22:37 12-06-2007 - 19:30
CVE-2007-3190 6.8
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.
05-09-2008 - 17:25 12-06-2007 - 19:30
CVE-2007-3189 4.3
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
05-09-2008 - 17:25 12-06-2007 - 19:30
Back to Top Mark selected
Back to Top