Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dcscripts dcforum 6.0 vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2001-0527
DCScripts DCForum versions 2000 and previous versions allow a remote malicious user to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
Dcscripts Dcforum 6.0
Dcscripts Dcforum 2000 1.0
1 EDB exploit
668
VMScore
CVE-2002-0226
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote malicious users to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
Dcscripts Dcforum 2000
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 6.21
668
VMScore
CVE-2001-0436
dcboard.cgi in DCForum 2000 1.0 allows remote malicious users to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 3.0
Dcscripts Dcforum 4.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 2.0
Dcscripts Dcforum 2000 1.0
645
VMScore
CVE-2000-1132
DCForum cgforum.cgi CGI script allows remote malicious users to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Dcscripts Dcforum 3.0
Dcscripts Dcforum 4.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 2.0
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
1 EDB exploit
445
VMScore
CVE-2001-0437
upload_file.pl in DCForum 2000 1.0 allows remote malicious users to upload arbitrary files without authentication by setting the az parameter to upload_file.
Dcscripts Dcforum 5.0
Dcscripts Dcforum 6.0
Dcscripts Dcforum 2000 1.0
Dcscripts Dcforum 3.0
Dcscripts Dcforum 4.0
Dcscripts Dcforum 1.0
Dcscripts Dcforum 2.0
435
VMScore
CVE-2005-4311
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and previous versions, and possibly DCForum+ 1.x, allows remote malicious users to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
Dcscripts Dcforum\\+ 1.003
Dcscripts Dcforum\\+ 1.1
Dcscripts Dcforum 6.2
Dcscripts Dcforum 6.21
Dcscripts Dcforum 6.22
Dcscripts Dcforum\\+ 1.001
Dcscripts Dcforum\\+ 1.002
Dcscripts Dcforum 6.0
Dcscripts Dcforum 6.1
Dcscripts Dcforum\\+ 1.2
Dcscripts Dcforum 2000 1.1
Dcscripts Dcforum 6.23
Dcscripts Dcforum 6.25
Dcscripts Dcforum\\+ 1.0
Dcscripts Dcforum 2k 1.1
Dcscripts Dcforum 5.11
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started