Vulnerabilities > Ultimate PHP Board

DATE CVE VULNERABILITY TITLE RISK
2007-03-20 CVE-2006-7169 Remote File Include vulnerability in Ultimate PHP Board Header_simple.PHP
PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.
6.8
2006-12-28 CVE-2006-6790 Remote Code Execution vulnerability in Ultimate PHP Board Username Parameter
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
network
low complexity
ultimate-php-board
7.5
2006-06-24 CVE-2006-3208 Remote Security vulnerability in Ultimate PHP Board
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings.
network
low complexity
ultimate-php-board
6.5
2006-06-24 CVE-2006-3207 Directory Traversal vulnerability in Ultimate PHP Board
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a ..
network
low complexity
ultimate-php-board
5.0
2006-06-24 CVE-2006-3206 Remote Security vulnerability in Ultimate PHP Board
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
network
low complexity
ultimate-php-board
5.0
2006-06-24 CVE-2006-3205 Remote Security vulnerability in Ultimate PHP Board
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.
network
low complexity
ultimate-php-board
5.0
2006-06-24 CVE-2006-3204 Remote Security vulnerability in Ultimate PHP Board
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.
network
low complexity
ultimate-php-board
5.0
2006-06-24 CVE-2006-3203 Credentials Management vulnerability in Ultimate PHP Board Ultimate PHP Board
The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.
network
low complexity
ultimate-php-board CWE-255
critical
10.0
2005-06-17 CVE-2005-2004 Cross-Site Scripting vulnerability in Ultimate PHP Board
Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.
network
low complexity
ultimate-php-board
5.0
2005-06-16 CVE-2005-2030 Weak Password Encryption vulnerability in Ultimate PHP Board
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
network
low complexity
ultimate-php-board
5.0