Ilia Alshanetsky

ilia_alshanetsky

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-5309 2Fudforum Ilia Alshanetsky 2Fudforum Fudforum Apr 29, 2026 Aug 16, 2013 N/A· v4 N/A· v3 2.6 LOW· v2 Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a cu...Show more Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.Show less
CVE-2005-2781 1Ilia Alshanetsky 1Fudforum Apr 16, 2026 Sep 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed...Show more The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.Show less
CVE-2005-2600 1Ilia Alshanetsky 1Fudforum Apr 16, 2026 Aug 17, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
CVE-2002-1423 1Ilia Alshanetsky 1Fudforum Apr 16, 2026 Apr 11, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVE-2002-1422 1Ilia Alshanetsky 1Fudforum Apr 16, 2026 Apr 11, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
CVE-2002-1421 1Ilia Alshanetsky 1Fudforum Apr 16, 2026 Apr 11, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.