Vulnerabilities > CVE-2005-2061 - Remote Security vulnerability in UBB.threads

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ubbcentral

nessus

NVD

Published: 2005-06-29

Updated: 2016-10-18

Summary

Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.

Vulnerable Configurations

Part	Description	Count
Application	Ubbcentral Ubbcentral Ubb.Threads 6.0 Ubbcentral Ubb.Threads 6.0.1 Ubbcentral Ubb.Threads 6.0.2 Ubbcentral Ubb.Threads 6.0.3 Ubbcentral Ubb.Threads 6.1 Ubbcentral Ubb.Threads 6.1.1 Ubbcentral Ubb.Threads 6.2 Ubbcentral Ubb.Threads 6.2.1 Ubbcentral Ubb.Threads 6.2.2 Ubbcentral Ubb.Threads 6.2.3 Ubbcentral Ubb.Threads 6.3 Ubbcentral Ubb.Threads 6.3.1 Ubbcentral Ubb.Threads 6.4 Ubbcentral Ubb.Threads 6.4.1 Ubbcentral Ubb.Threads 6.4.2 Ubbcentral Ubb.Threads 6.4.3 Ubbcentral Ubb.Threads 6.4.4 Ubbcentral Ubb.Threads 6.5 Ubbcentral Ubb.Threads 6.5.1 Ubbcentral Ubb.Threads 6.5.1.1	20

Nessus

NASL family	CGI abuses
NASL id	UBBTHREADS_PRINTTHREAD_SQL_INJECTION.NASL
description	The remote host is running a version of UBB.threads that suffers from multiple vulnerabilities due to insufficient input validation - local file inclusion, HTTP response splitting, SQL injection, and cross-site scripting. These flaws may allow an attacker to completely compromise the affected installation of UBB.threads.
last seen	2020-06-01
modified	2020-06-02
plugin id	18098
published	2005-04-20
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18098
title	UBB.threads < 6.5.2 beta Multiple Vulnerabilities

Summary

Vulnerable Configurations

Nessus

References