Dcscripts Dcforum vulnerabilities
6 known vulnerabilities affecting dcscripts/dcforum.
Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2001-0527P3CRITICALCVSS 10.0PoCv6.02001-08-14
CVE-2001-0527 [CRITICAL] CVE-2001-0527: DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
nvd
CVE-2000-1132P4MEDIUMCVSS 6.4PoCv1.0v2.0+4 more2001-01-09
CVE-2000-1132 [MEDIUM] CVE-2000-1132: DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the progr
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
nvd
CVE-2005-4311P4MEDIUMCVSS 4.3PoCv2k_1.1v5.11+14 more2005-12-17
CVE-2005-4311 [MEDIUM] CVE-2005-4311: Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, all
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
nvd
CVE-2001-0436P4HIGHCVSS 7.5v1.0v2.0+4 more2001-07-02
CVE-2001-0436 [HIGH] CVE-2001-0436: dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
nvd
CVE-2002-0226P4HIGHCVSS 7.5v5.0v6.0+2 more2002-05-16
CVE-2002-0226 [HIGH] CVE-2002-0226: retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionI
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
nvd
CVE-2001-0437P4MEDIUMCVSS 5.0v1.0v2.0+4 more2001-07-02
CVE-2001-0437 [MEDIUM] CVE-2001-0437: upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authent
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
nvd