Th3_R@V3N

Pesquisador deHRG - Hackerlounge Research Group
#20125de 53,634
12.8CVSS total
Vulnerabilidades · 4
Baixa
2
Média
2
PT-2005-1673
4.3
2005-03-01
Forumwa · Forumwa · CVE-2005-0628
**Name of the Vulnerable Software and Affected Versions** Forumwa version 1.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `keyword` parameter in "search.php" or through the `body` or `subject` of a forum message. **Recommendations** For Forumwa version 1.0, avoid using the vulnerable parameters `keyword`, `body`, and `subject` in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to "search.php" and forum message posting until a patch is available.
PT-2005-1674
4.3
2005-03-01
427Bb · 427Bb · CVE-2005-0629
**Name of the Vulnerable Software and Affected Versions** 427BB version 2.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `user` or `Avatar` parameters in the profile.php file. **Recommendations** For version 2.2, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting input for the `user` and `Avatar` parameters to minimize the risk of XSS attacks.
PT-2005-1675
2.1
2005-03-01
Pblang · Pblang · CVE-2005-0630
**Name of the Vulnerable Software and Affected Versions** PBLang version 4.63 **Description** The issue allows remote authenticated users to read arbitrary files. This is achieved by providing a full pathname in the `orig` parameter in the `sendpm.php` file. **Recommendations** For PBLang version 4.63, consider restricting access to the `sendpm.php` file until a patch is available, or avoid using the `orig` parameter with full pathnames to minimize the risk of exploitation.
PT-2005-1676
2.1
2005-03-01
Pblang · Pblang · CVE-2005-0631
**Name of the Vulnerable Software and Affected Versions** PBLang version 4.63 **Description** The issue allows remote authenticated users to delete arbitrary PM files. This is achieved by modifying the `id` and `a` parameters in the delpm.php file. **Recommendations** For PBLang version 4.63, consider restricting access to the delpm.php file until a patch is available, and avoid using the `id` and `a` parameters in this file to minimize the risk of exploitation.