Filtered by vendor 2enetworx Subscriptions
Filtered by product Openforum Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-7066 1 2enetworx 1 Openforum 2024-11-21 N/A
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
CVE-2007-0076 1 2enetworx 1 Openforum 2024-11-21 N/A
Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.
CVE-2006-3321 1 2enetworx 1 Openforum 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.