CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Zoneo-Soft: Security Vulnerabilities

CVE-2006-0957

Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.

CVSS Score

7.5

EPSS Score

0.012

Published

2006-03-02

CVE-2006-0958

Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters.

CVSS Score

4.3

EPSS Score

0.006

Published

2006-03-02

CVE-2005-3816

Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.

CVSS Score

7.5

EPSS Score

0.005

Published

2005-11-26

Page 2

Vulnerabilities

Vulnerable Software

Zoneo-Soft: Security Vulnerabilities

Products

Pricing

Contact Us