Vulnerabilities > Ultimate PHP Board > Ultimate PHP Board
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-20 | CVE-2006-7169 | Remote File Include vulnerability in Ultimate PHP Board Header_simple.PHP PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter. network ultimate-php-board | 6.8 |
2006-12-28 | CVE-2006-6790 | Remote Code Execution vulnerability in Ultimate PHP Board Username Parameter Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php. | 7.5 |
2006-06-24 | CVE-2006-3207 | Directory Traversal vulnerability in Ultimate PHP Board Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. | 5.0 |
2006-06-24 | CVE-2006-3206 | Remote Security vulnerability in Ultimate PHP Board register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records. | 5.0 |
2005-06-17 | CVE-2005-2004 | Cross-Site Scripting vulnerability in Ultimate PHP Board Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | 5.0 |
2005-06-16 | CVE-2005-2030 | Weak Password Encryption vulnerability in Ultimate PHP Board Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | 5.0 |
2005-06-16 | CVE-2005-2005 | Information Disclosure vulnerability in Ultimate PHP Board Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | 5.0 |
2005-06-16 | CVE-2005-2003 | Information Disclosure vulnerability in Ultimate PHP Board Ultimate PHP Board 1.9.6Gold Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | 5.0 |
2005-05-16 | CVE-2005-1616 | Information Disclosure vulnerability in Ultimate PHP Board viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened. | 7.5 |
2005-05-16 | CVE-2005-1615 | SQL Injection vulnerability in Ultimate PHP Board ViewForum.PHP viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability. | 7.5 |