MidnightBSD

Advisories for php-post

CVE-2005-0831 MEDIUM

PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php-post php-post_web_forum 0.1
php-post php-post_web_forum 0.3
php-post php-post_web_forum 0.2
php-post php-post_web_forum 0.21
php-post php-post_web_forum 0.22
php-post php-post_web_forum 0.32
CVE-2005-0832 MEDIUM

Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php-post php-post_web_forum 0.1
php-post php-post_web_forum 0.3
php-post php-post_web_forum 0.2
php-post php-post_web_forum 0.21
php-post php-post_web_forum 0.22
php-post php-post_web_forum 0.32
CVE-2006-3772 MEDIUM

PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php-post php-post 1.0
php-post php-post 0.21