Dcscripts: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-04-26
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-04-26
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.
CVSS Score
4.3
EPSS Score
0.005
Published
2005-12-17
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
CVSS Score
5.0
EPSS Score
0.032
Published
2002-08-12
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
CVSS Score
7.5
EPSS Score
0.012
Published
2002-05-16
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
CVSS Score
5.0
EPSS Score
0.042
Published
2001-12-06
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
CVSS Score
10.0
EPSS Score
0.041
Published
2001-08-14
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
CVSS Score
7.5
EPSS Score
0.02
Published
2001-07-02
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
CVSS Score
5.0
EPSS Score
0.008
Published
2001-07-02
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
CVSS Score
6.4
EPSS Score
0.093
Published
2001-01-09
Page 1