UBB Threads < 6.5.2 Beta (mailthread.php) SQL Injection Exploit

Exploit for unknown platform in category web applications =============================================================== UBB Threads Alphaprogrammer , Oilkarchack , TheCephaleX , Str0ke And Iranian Hacking & Security Teams : IHS TeaM , alphaST , Shabgard Security Team , Emperor Hacking Team ,...

UBB Threads &lt; 6.5.2 Beta (mailthread.php) SQL Injection Exploit

No description provided by source. ?php T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m Vulnerable: UBBCentral SQL Injection Exploit By : MHp0rtal Discovered By: James Bercegay Gr33tz To == Alphaprogrammer , Oilkarchack , TheCephaleX , Str0ke And Iranian Hacking & Security Teams : IHS...

Infopop UBB Threads Multiple Vulnerabilities

GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...

ubb652.txt

GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...

CVE-2005-1492

The vulnerability CVE-2005-1492 affects Gossamer Threads’ Gossamer Links web links manager (Links SQL 2.x and 3.0) where the url parameter of user.cgi is not properly sanitized. The underlying issue is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web script or HTM...

CVE-2005-1492

Cross-site scripting XSS vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVE-2005-1492

Cross-site scripting XSS vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

Gossamer Threads Links SQL login XSS Vulnerability

Gossamer Threads Links SQL login XSS Vulnerability Class Input Validation XSS Remote Local Published / Updated Yes Yes 04th May 2005 Vulnerable Vulnerable: Gossamer Threads Links SQL v3.0 + Links SQL 2.x + Links SQL 2.2.x + Links SQL 3.0 Not Vulnerable - Discussion Links SQL is a perl/modperl/PHP...

Gossamer Threads Links 2.x - &#039;User.cgi&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/13484/info Gossamer Threads Links is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...

CVE-2005-0001

Race condition in the page fault handler fault.c for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stac...

CVE-2005-0001

Race condition in the page fault handler fault.c for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stac...

Microsoft Windows - WINS Vulnerability + OSSP Scanner

Microsoft Windows - WINS Vulnerability + OSSP Scanner / HAT-SQUAD WINS VULNERABILITY/OS SCANNER ------------------------------------ ------------------------------------ Note: ---------------- By default, nothing printed on screen, 200 threads, all results in the file HSWINS.txt -v..: lite verbos...

CVE-2005-0937

Some futex functions in futex.c for Linux kernel 2.6.x perform getuser calls while holding the mmapsem semaphore, which could allow local users to cause a deadlock condition in dopagefault by triggering getuser faults while another thread is executing mmap or other functions...

[Full-disclosure] 3 XSS Vulnerabilities in Phorum &lt;= 5.0.14

Author: Jon Oberheide [email protected] Date: Sat, March 12th, 2005 Summary ======= Application: Phorum Vendor Website: http://www.phorum.org Affected Versions: = 5.0.14 Type of Vulnerability: Cross Site Scripting XSS About Phorum ============ Phorum is a web based message board written in PHP...

UBBCentral UBB.Threads 6.0 - Printthread.php SQL Injection

UBBCentral UBB.Threads 6.0 - Printthread.php SQL Injection // source: https://www.securityfocus.com/bid/13253/info It is reported that UBB.threads is prone to an SQL injection vulnerability. The SQL injection vulnerability is reported to affect the 'printthread.php' script. UBB.threads 6.0 is...

UBBCentral UBB.Threads 6.0 - &#039;Printthread.php&#039; SQL Injection

// source: https://www.securityfocus.com/bid/13253/info It is reported that UBB.threads is prone to an SQL injection vulnerability. The SQL injection vulnerability is reported to affect the 'printthread.php' script. UBB.threads 6.0 is reported prone to this issue. It is likely that other versions...

PHP-Fusion 4.0 - Viewthread.php Information Disclosure

PHP-Fusion 4.0 - Viewthread.php Information Disclosure source: https://www.securityfocus.com/bid/12482/info PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. It is reported that an...

UBBCentral UBB.Threads 6.2.3/6.5 - &#039;login.php?Cat&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web...

CVE-2004-0837

MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service crash or hang via multiple threads that simultaneously alter MERGE table UNIONs...

ubbthreads.txt

Product: ======== UBB.threads Vendor: ======= UBBCentral http://www.ubbcentral.com/ Versions: ========= I tested it successfull on 3.4.x At Version 3.5 you need to be logged in to perform a search. I didnt tested this version. Problem: ======== Sql-Injection in dosearch.php dosearch.php?Name=' OR...