| Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-0103 | 5.0 |
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive
|
19-10-2018 - 15:42 | 06-01-2006 - 11:03 | |
| CVE-2006-0102 | 4.3 |
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
|
19-10-2018 - 15:42 | 06-01-2006 - 11:03 | |
| CVE-2006-0104 | 5.0 |
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.ph
|
19-10-2018 - 15:42 | 06-01-2006 - 11:03 | |
| CVE-2003-0144 | 7.2 |
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or
|
11-07-2017 - 01:29 | 31-03-2003 - 05:00 | |
| CVE-2014-3000 | 7.8 |
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly rea
|
21-06-2014 - 04:41 | 02-05-2014 - 14:55 | |
| CVE-2008-4571 | 4.3 |
Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in
|
15-11-2008 - 07:20 | 15-10-2008 - 20:00 |