Vulnerabilities > Ralph Capper

DATE CVE VULNERABILITY TITLE RISK
2006-04-20 CVE-2006-1898 Cross-Site Scripting vulnerability in Ralph Capper Tinyphpforum 3.6
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name.
network
high complexity
ralph-capper CWE-79
2.6
2006-01-06 CVE-2006-0104 Directory Traversal vulnerability in TinyPHPForum
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a ..
network
low complexity
ralph-capper
5.0
2006-01-06 CVE-2006-0103 Information Exposure vulnerability in Ralph Capper Tinyphpforum
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.
network
low complexity
ralph-capper CWE-200
5.0
2006-01-06 CVE-2006-0102 Cross-Site Scripting vulnerability in Tinyphpforum
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.
network
ralph-capper
4.3