CVE-2000-1228
Published 2000-12-31
Priority P429 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.46% (82.4th percentile)
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| phorum | phorum | — | — |
GHSA
GHSA-c5vm-cg9p-c7r9: Phorum 3
ghsa_unreviewed·2022-04-30
CVE-2000-1228 [MEDIUM] GHSA-c5vm-cg9p-c7r9: Phorum 3
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
Chrome
Stable Channel Update for Desktop: CVE-2023-1228
vendor_chrome·2023-03-07·CVSS 4.3
CVE-2023-1228 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-1228
Stable Channel Update for Desktop
CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
[$2000][1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
[$2000][1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs
Severity: medium
No detection rules found.
Exploit-DB
Phorum 3.0.7 - 'admin.php3' Unverified Administrative Password Change
exploitdb·2000-01-06
CVE-2000-1228 Phorum 3.0.7 - 'admin.php3' Unverified Administrative Password Change
---
source: https://www.securityfocus.com/bid/2271/info
Phorum is a popular, free, open source software package originally written by Brian Moon. The package is designed to add chat/bulletin board style interaction between visitors of a web site.
A problem with Phorum can allow remote users access to restricted files on the local system. This is due to the handling of passwords by the program. By sending a custom-crafted string to the admin.php3 script, it's possible to change the administrative password of the board without verification of the user's credentials. The "default .langname name" field in the Master settings can then be changed to any file of the user's liking, which upon reload, will be output as the page
Exploit-DB
Intel Corporation Express 8100 ISDN Router - Fragmented ICMP
exploitdb·1990-05-19
CVE-2000-0451 Intel Corporation Express 8100 ISDN Router - Fragmented ICMP
---
source: https://www.securityfocus.com/bid/1228/info
The Intel Express 8100 and possibly 8200 ISDN routers can be remotely crashed by sending fragmented or oversized ICMP packets.
Using libnet and isic-0.05:
icmpsic -s 127.0.0.1,23 -d -F 100
No writeups or analysis indexed.
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm
http://www.securityfocus.com/bid/2271
2000-12-31
Published