167 matches found
UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
source: https://www.securityfocus.com/bid/31074/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
CVE-2007-1956
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter...
CVE-2007-1956
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter...
CVE-2007-1956
The CVE-2007-1956 entry describes an SQL injection in ubbthreads.php of Groupee UBB.threads
ubb-sql.txt
UBB.threads SQL Injection Vulnerability The variable 'C' in UBB.threads is susceptible to SQL injection. Vulnerability: http://target.com/ubbthreads.php?Cat=cat&C=' Vulnerable: UBB.threads = 6.1.1 Google d0rk: allintitle:"Forums powered by UBB.threads" John Martinelli [email protected]...
UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection
source: https://www.securityfocus.com/bid/23369/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
UBBCentral UBB.Threads 6.1.1 - UBBThreads.php SQL Injection
UBBCentral UBB.Threads 6.1.1 - UBBThreads.php SQL Injection source: https://www.securityfocus.com/bid/23369/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow a...
UBB.threads (<= 6.1.1) SQL Injection Vulnerability
UBB.threads SQL Injection Vulnerability The variable 'C' in UBB.threads is susceptible to SQL injection. Vulnerability: http://target.com/ubbthreads.php?Cat=cat&C=' Vulnerable: UBB.threads = 6.1.1 Google d0rk: allintitle:"Forums powered by UBB.threads" John Martinelli [email protected]...
UBB.threads-6.txt
Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...
CVE-2006-5138
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message...
CVE-2006-5137
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to 1 inject PHP code via a theme array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; 2 inject PHP code via a config array parameter to...
CVE-2006-5136
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSthispath or 2 GLOBALSconfigdir parameter...
CVE-2006-5138
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message...
CVE-2006-5136
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSthispath or 2 GLOBALSconfigdir parameter...
CVE-2006-5136
UBB.threads 6.5.1.1 contains multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php that allow remote attackers to execute arbitrary PHP code via a URL provided to GLOBALS[thispath] or GLOBALS[configdir]. Root cause is improper handling of user-supplied URLs in these globals. The CVE ...
CVE-2006-5137
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to 1 inject PHP code via a theme array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; 2 inject PHP code via a config array parameter to...
CVE-2006-5137
CVE-2006-5137 affects Groupee UBB.threads 6.5.1.1 and enables remote PHP code injection through multiple vectors: (1) theme[] via admin/doedittheme.php into includes/theme.inc.php; (2) config[] via admin/doeditconfig.php into includes/config.inc.php; and (3) a URL in config[path] exploited to run...
CVE-2006-5138
CVE-2006-5138 affects Groupee UBB.threads 6.5.1.1. The vulnerability allows remote attackers to obtain sensitive information via a direct request to cron/php/subscriptions.php, which reveals the installation path in an error message. This is a information disclosure issue reported in multiple sou...
UBB.threads doeditconfig Arbitrary Command Injection
The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' and 'config' parameters of the 'admin/doeditconfig.php' script before using them to update the application's configuration file. Provided PHP's 'registerglobals' setting is enabled, an unauthenticate...
UBB.threads Multiple input validation error
Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...