MidnightBSD

Advisories for ilia_alshanetsky

CVE-2002-1421 HIGH

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ilia_alshanetsky fudforum 2.0.2
ilia_alshanetsky fudforum 1.2.8
ilia_alshanetsky fudforum 1.9.8

CVE-2002-1422 MEDIUM

admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ilia_alshanetsky fudforum 2.0.2
ilia_alshanetsky fudforum 1.2.8
ilia_alshanetsky fudforum 1.9.8

CVE-2002-1423 MEDIUM

tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ilia_alshanetsky fudforum 2.0.2
ilia_alshanetsky fudforum 1.2.8
ilia_alshanetsky fudforum 1.9.8

CVE-2005-2600 MEDIUM

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ilia_alshanetsky fudforum 2.6.15

CVE-2005-2781 HIGH

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ilia_alshanetsky fudforum 2.2.1
ilia_alshanetsky fudforum 2.6.5
ilia_alshanetsky fudforum 2.1.1
ilia_alshanetsky fudforum 2.2.0
ilia_alshanetsky fudforum 2.6.14
ilia_alshanetsky fudforum 2.2.5
ilia_alshanetsky fudforum 2.3.3
ilia_alshanetsky fudforum 2.6.4
ilia_alshanetsky fudforum 2.6.11
ilia_alshanetsky fudforum 2.6.15
ilia_alshanetsky fudforum 2.1.0
ilia_alshanetsky fudforum 2.3.8
ilia_alshanetsky fudforum 2.6.9
ilia_alshanetsky fudforum 2.6.3
ilia_alshanetsky fudforum 2.6.2
ilia_alshanetsky fudforum 2.6.13
ilia_alshanetsky fudforum 2.6.6
ilia_alshanetsky fudforum 2.3.5
ilia_alshanetsky fudforum 2.6.7
ilia_alshanetsky fudforum 2.6.10
ilia_alshanetsky fudforum 2.3.6
ilia_alshanetsky fudforum 2.2.4
ilia_alshanetsky fudforum 2.2.2
ilia_alshanetsky fudforum 2.3.2
ilia_alshanetsky fudforum 2.1.2
ilia_alshanetsky fudforum 2.5.1
ilia_alshanetsky fudforum 2.6.12
ilia_alshanetsky fudforum 2.6.1
ilia_alshanetsky fudforum 2.6.8
ilia_alshanetsky fudforum 2.6.0
ilia_alshanetsky fudforum 2.3.4
ilia_alshanetsky fudforum 2.1.3
ilia_alshanetsky fudforum 2.3.0
ilia_alshanetsky fudforum 2.5.2
ilia_alshanetsky fudforum 2.7.0
ilia_alshanetsky fudforum 2.3.7
ilia_alshanetsky fudforum 2.2.3
ilia_alshanetsky fudforum 2.5.0
ilia_alshanetsky fudforum 2.3.1

CVE-2013-5309 LOW

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
ilia_alshanetsky fudforum 2.6.5
fudforum fudforum 2.7.2
ilia_alshanetsky fudforum 2.0.2
ilia_alshanetsky fudforum 2.2.5
fudforum fudforum 2.7.7
ilia_alshanetsky fudforum 2.3.3
ilia_alshanetsky fudforum 2.6.4
ilia_alshanetsky fudforum 2.3.8
ilia_alshanetsky fudforum 2.6.9
fudforum fudforum 2.7.3
fudforum fudforum 3.0.4
ilia_alshanetsky fudforum 2.6.2
ilia_alshanetsky fudforum 2.6.13
ilia_alshanetsky fudforum 2.6.6
ilia_alshanetsky fudforum 2.6.10
ilia_alshanetsky fudforum 2.2.4
ilia_alshanetsky fudforum 2.2.2
fudforum fudforum 3.0.3
ilia_alshanetsky fudforum 2.7.1
fudforum fudforum 3.0.2
ilia_alshanetsky fudforum 2.6.1
ilia_alshanetsky fudforum 1.9.8
ilia_alshanetsky fudforum 2.3.4
ilia_alshanetsky fudforum 2.5.2
ilia_alshanetsky fudforum 2.7.0
ilia_alshanetsky fudforum 2.3.7
ilia_alshanetsky fudforum 1.2.8
ilia_alshanetsky fudforum 2.5.0
fudforum fudforum 2.7.5
fudforum fudforum 2.7.4
fudforum fudforum 3.0.1
ilia_alshanetsky fudforum 2.2.1
ilia_alshanetsky fudforum 2.1.1
ilia_alshanetsky fudforum 2.2.0
ilia_alshanetsky fudforum 2.6.14
fudforum fudforum 2.8.0
ilia_alshanetsky fudforum 2.6.11
ilia_alshanetsky fudforum 2.6.15
ilia_alshanetsky fudforum 2.1.0
ilia_alshanetsky fudforum 2.6.3
ilia_alshanetsky fudforum 2.3.5
ilia_alshanetsky fudforum 2.6.7
ilia_alshanetsky fudforum 2.3.6
ilia_alshanetsky fudforum 2.3.2
ilia_alshanetsky fudforum 2.1.2
ilia_alshanetsky fudforum 2.5.1
fudforum fudforum 2.8.1
ilia_alshanetsky fudforum 2.6.12
ilia_alshanetsky fudforum 2.6.8
ilia_alshanetsky fudforum 2.6.0
ilia_alshanetsky fudforum 2.1.3
ilia_alshanetsky fudforum 2.3.0
fudforum fudforum 2.7.6
fudforum fudforum *
ilia_alshanetsky fudforum 2.2.3
fudforum fudforum 3.0.0
ilia_alshanetsky fudforum 2.3.1