R00Tcr4Ck

Researcher fromCyberSpy.Org
#12630of 53,634
21.4Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2004-2405
4.6
2004-12-31
Unknown · Web Forums Server · CVE-2004-1497
**Name of the Vulnerable Software and Affected Versions** Web Forums Server versions 1.6 and 2.0 Power Pack **Description** The issue allows local users to gain privileges because passwords are stored in plaintext in the Username.ini file. **Recommendations** For Web Forums Server version 1.6, update the configuration to securely store passwords. For Web Forums Server version 2.0 Power Pack, update the configuration to securely store passwords.
PT-2004-2475
7.5
2004-12-31
Silent Storm · Silent Storm Portal · CVE-2004-1567
**Name of the Vulnerable Software and Affected Versions** Silent Storm Portal versions 2.1 through 2.2 **Description** The issue allows remote attackers to gain privileges. This is achieved by setting the `mail` parameter to 1, which is the value associated with an administrator. **Recommendations** For Silent Storm Portal versions 2.1 through 2.2, consider restricting access to the profile.php page until a fix is available, and avoid using the `mail` parameter with the value of 1 to minimize the risk of exploitation.
PT-2004-2507
4.3
2004-10-16
Coolphp · Coolphp · CVE-2004-1599
**Name of the Vulnerable Software and Affected Versions** CoolPHP version 1.0-stable **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to execute arbitrary web script or HTML. The vulnerability can be exploited via the `query` or `nick` parameters. **Recommendations** For CoolPHP version 1.0-stable, update the index.php file to properly sanitize the `query` and `nick` parameters to prevent XSS attacks. As a temporary workaround, consider restricting access to the index.php file until a patch is available.
PT-2004-2508
5.0
2004-10-16
Coolphp · Coolphp · CVE-2004-1600
**Name of the Vulnerable Software and Affected Versions** CoolPHP version 1.0-stable **Description** The issue allows remote attackers to gain sensitive information. This is achieved by providing an invalid `op` parameter, which results in the path being revealed in an error message. **Recommendations** For CoolPHP version 1.0-stable, consider restricting access to the `index.php` file until a patch is available, or modify the error handling to prevent the disclosure of sensitive path information.