CVE-2006-1898
- EPSS 0.43%
- Veröffentlicht 20.04.2006 10:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "A...
CVE-2006-0102
- EPSS 0.68%
- Veröffentlicht 06.01.2006 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
- EPSS 10.15%
- Veröffentlicht 06.01.2006 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive...
- EPSS 1.66%
- Veröffentlicht 06.01.2006 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.ph...