Vulnerabilities > Ubbcentral
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-04 | CVE-2006-0545 | SQL Injection vulnerability in UBB.Threads Showflat.PHP SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 7.5 |
| 2005-06-29 | CVE-2005-2061 | Remote Security vulnerability in UBB.threads Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | 5.0 |
| 2005-06-29 | CVE-2005-2060 | Remote Security vulnerability in UBB.threads Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | 5.0 |
| 2005-06-29 | CVE-2005-2059 | Cross-Site Request Forgery (CSRF) vulnerability in Ubbcentral Ubb.Threads Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | 6.5 |
| 2005-06-29 | CVE-2005-2058 | SQL-Injection vulnerability in UBB.threads Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | 7.5 |
| 2005-06-29 | CVE-2005-2057 | Cross-Site Scripting vulnerability in UBB.threads Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. network ubbcentral | 6.8 |
| 2005-05-02 | CVE-2005-0726 | SQL-Injection vulnerability in Ubbcentral Ubb.Threads 6.0 SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 7.5 |
| 2004-12-31 | CVE-2004-2510 | Cross-Site Scripting vulnerability in UBBCentral UBB.threads Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. network ubbcentral | 4.3 |
| 2004-12-31 | CVE-2004-2509 | Cross-Site Scripting vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5 Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. network ubbcentral | 4.3 |
| 2004-10-21 | CVE-2004-1622 | SQL Injection vulnerability in Ubbcentral Ubb.Threads 3.4/3.5 SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter. | 7.5 |