61 matches found
CVE-2005-2060
Infopop UBB.Threads (before 6.5.2 Beta) is affected by HTTP Response Splitting in three scripts (toggleshow.php, togglecats.php, showprofile.php) via CRLF sequences in the Cat parameter. Root cause: insufficient input validation leads to remote spoofing of content and potential web-cache poisonin...
CVE-2005-2061
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null %00 byte...
PT-2005-3001 · Infopop · Ubb.Threads
Name of the Vulnerable Software and Affected Versions: Infopop UBB.Threads versions prior to 6.5.2 Beta Description: The issue concerns multiple cross-site request forgery CSRF vulnerabilities found in several PHP files, including addaddress.php, toggleignore.php, removeignore.php, and...
Infopop UBB Threads Multiple Vulnerabilities
GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...
ubb652.txt
GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...
CVE-2004-2509
Cross-site scripting XSS vulnerabilities in 1 calendar.php, 2 login.php, and 3 online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2004-2510
Cross-site scripting XSS vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2003-0587
Cross-site scripting XSS vulnerability in Infopop Ultimate Bulletin Board UBB 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie...
CVE-2002-0223
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension...
CVE-2002-0223
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension...
CVE-2002-0223
CVE-2002-0223 affects Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9. The vulnerability allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension but ends with a different, non-accepted extension. The issue is a fi...
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board UBB 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag...
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board UBB 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag...
CVE-2002-0118
The CVE-2002-0118 entry concerns Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0, where a cross‑site scripting (XSS) vulnerability exists. According to the description, remote attackers can execute arbitrary script and steal cookies by sending a message containing encoded Javascript ...
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board UBB before 5.47e allows remote attackers to steal user cookies via an IMG tag that references an about: URL with an onerror field...
CVE-2001-0897
The CVE-2001-0897 issue affects Infopop Ultimate Bulletin Board (UBB) versions prior to 5.47e. A cross-site scripting flaw allows remote attackers to steal user cookies by exploiting an [IMG] tag that references an about: URL with an onerror field. The vulnerability is tied to the HTML/img handli...
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board UBB before 5.47e allows remote attackers to steal user cookies via an IMG tag that references an about: URL with an onerror field...
CVE-2000-0141
Infopop Ultimate Bulletin Board (UBB) is affected by CVE-2000-0141. The vulnerability allows remote attackers to execute commands by injecting shell metacharacters into the topic hidden field. Connected sources corroborate that this affects Infopop UBB, with the PT-2000-1126 entry noting that aff...
CVE-2000-0141
Infopop Ultimate Bulletin Board UBB allows remote attackers to execute commands via shell metacharacters in the topic hidden field...
CVE-2000-0141
Infopop Ultimate Bulletin Board UBB allows remote attackers to execute commands via shell metacharacters in the topic hidden field...