VYPR
Vendor

Jffnms

Products
2
CVEs
5
Across products
10
Status
Private

Products

2

Recent CVEs

5
  • CVE-2007-3191Jun 12, 2007
    risk 0.04cvss epss 0.08

    Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.

  • CVE-2007-3190Jun 12, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.

  • CVE-2007-3192Jun 12, 2007
    risk 0.03cvss epss 0.04

    admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.

  • CVE-2007-3189Jun 12, 2007
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2007-3204Jun 12, 2007
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The…