Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dcscripts dcforum 6.0 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote malicious users to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Dcscripts Dcforum 3.0
Dcscripts Dcforum 4.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 2.0
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
1 EDB exploit
7.5
CVSSv2
CVE-2001-0436
dcboard.cgi in DCForum 2000 1.0 allows remote malicious users to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 3.0
Dcscripts Dcforum 4.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 2.0
Dcscripts Dcforum 2000 1.0
5
CVSSv2
CVE-2001-0437
upload_file.pl in DCForum 2000 1.0 allows remote malicious users to upload arbitrary files without authentication by setting the az parameter to upload_file.
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 2000 1.0
Dcscripts Dcforum 3.0
Dcscripts Dcforum 4.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 2.0
7.5
CVSSv2
CVE-2002-0226
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote malicious users to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
Dcscripts Dcforum 2000
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 6.21
4.3
CVSSv2
CVE-2005-4311
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and previous versions, and possibly DCForum+ 1.x, allows remote malicious users to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
Dcscripts Dcforum\\+ 1.003
Dcscripts Dcforum\\+ 1.1
Dcscripts Dcforum 6.2
Dcscripts Dcforum 6.21
Dcscripts Dcforum 6.22
Dcscripts Dcforum\\+ 1.001
Dcscripts Dcforum\\+ 1.002
Dcscripts Dcforum 6.0
Dcscripts Dcforum 6.1
Dcscripts Dcforum\\+ 1.2
Dcscripts Dcforum 2000 1.1
Dcscripts Dcforum 6.23
Dcscripts Dcforum 6.25
Dcscripts Dcforum\\+ 1.0
Dcscripts Dcforum 2k 1.1
Dcscripts Dcforum 5.11
1 EDB exploit
10
CVSSv2
CVE-2001-0527
DCScripts DCForum versions 2000 and previous versions allow a remote malicious user to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
Dcscripts Dcforum 6.0
Dcscripts Dcforum 2000 1.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started