Ferruh Mavituna

#9874de 53,638
27.9CVSS total
Vulnerabilidades · 5
Média
5
PT-2004-2954
5.0
2004-12-31
Xlinesoft · Asprunner · CVE-2004-2058
**Name of the Vulnerable Software and Affected Versions** ASPRunner version 2.4 **Description** The issue allows remote attackers to gain sensitive information. This can be achieved via hidden form fields or error messages. **Recommendations** For version 2.4, update to a version that fixes this issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2004-2956
5.0
2004-12-31
Xlinesoft · Asprunner · CVE-2004-2060
**Name of the Vulnerable Software and Affected Versions** ASPRunner version 2.4 **Description** The issue allows remote attackers to obtain the database by making a direct request to the database filename. The database filename is predictable based on table and field names, such as `tablename` and `fieldname`. This predictability may enable attackers to access the database via a direct request to the database filename. **Recommendations** For ASPRunner version 2.4, consider moving the database outside of the web root directory to prevent direct access. As a temporary workaround, restrict access to the db directory to minimize the risk of exploitation.
PT-2004-1295
4.3
2004-01-22
Vbulletin · Vbulletin · CVE-2004-0091
**Name of the Vulnerable Software and Affected Versions** vBulletin (affected versions not specified) **Description** A cross-site scripting (XSS) issue in register.php allows remote attackers to inject arbitrary HTML or web script via the `reg site` (or possibly `regsite`) parameter. The vendor has disputed this issue, stating that there is no hidden field called 'reg site' nor any $reg site variable in the vBulletin 2 or vBulletin 3 source code or templates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2003-1517
6.8
2003-05-17
Ez Systems · Ez Publish · CVE-2003-0310
Name of the Vulnerable Software and Affected Versions: eZ publish version 2.2 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to insert arbitrary web script. This occurs in the articleview.php file. Recommendations: For eZ publish version 2.2, update to a version that fixes this issue to prevent remote attackers from inserting arbitrary web script.
PT-2003-1502
6.8
2003-05-15
Vbulletin · Vbulletin · CVE-2003-0295
Name of the Vulnerable Software and Affected Versions: vBulletin version 3.0.0 Beta 2 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script and HTML. This is achieved through the "Preview Message" capability in the private.php file. Recommendations: For vBulletin version 3.0.0 Beta 2, consider disabling the "Preview Message" capability in private.php until a fix is available to prevent exploitation of this issue.