CVE-2000-1234
Published 2000-12-31
Priority P4 · 22 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 3.27% · 86.9th percentile
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phorum | phorum | — | — |
No detection rules found.
Exploit-DB
Gauntlet Firewall 4.1/4.2/5.0 / Webshield E-ppliance 100.0/300.0 / IRIX 6.5.x - Remote Buffer Overflow
exploitdb · 2000-05-18 · CVE-2000-0437
---
// source: https://www.securityfocus.com/bid/1234/info
A buffer overflow exists in the version of Mattel's Cyber Patrol software integrated into Network Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. Due to the manner in which Cyber Patrol was integrated, a vulnerability was introduced which could allow a remote attacker to gain root access on the firewall, or execute arbitrary commands on the firewall.
By default, Cyber Patrol is installed on Gauntlet installations, and runs for 30 days. After that period, it is disabled. During this 30-day period, the firewall is susceptible to attack. Due to the filtering software being externally accessible, users not on the i
Exploit-DB
Phorum 3.0.7 - 'violation.php3' Arbitrary Email Relay
exploitdb · 2000-01-01 · CVE-2000-1234
---
source: https://www.securityfocus.com/bid/2272/info
Phorum is a freely available, open source package originally written by Brian Moon. The package is designed to add enhanced features to a web page, allowing users to interact through bulletin board style chats, forums and discussions.
A problem with the Phorum package could allow remote users to arbitrarily relay email. Due to the way violation.php3 handles URLs as arguments, it is possible to create a custom crafted URL request to the script which will allow a remote user to send email through the host's MTA. This email will then be delivered to the specified person with the appearance of coming from the web host. This problem makes it possible for a user with malicious intenti
No writeups or analysis indexed.
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm
http://www.securityfocus.com/bid/2272