Vulnerabilities > Ralph Capper > Tinyphpforum > 3.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-01-06 | CVE-2006-0104 | Directory Traversal vulnerability in TinyPHPForum Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. | 5.0 |
2006-01-06 | CVE-2006-0103 | Information Exposure vulnerability in Ralph Capper Tinyphpforum TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | 5.0 |
2006-01-06 | CVE-2006-0102 | Cross-Site Scripting vulnerability in Tinyphpforum Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. network ralph-capper | 4.3 |