30 matches found
EUVD-2005-2063
Malware in sbrugna...
EUVD-2002-0220
Malware in sbrugna...
EUVD-2004-2500
Malware in sbrugna...
EUVD-2004-2501
Malware in sbrugna...
EUVD-2005-2060
Malware in sbrugna...
EUVD-2005-2059
Malware in sbrugna...
EUVD-2005-2062
Malware in sbrugna...
Infopop UBB.Threads Admin Credentials via SQL Injection
Discovered: 07-18-08 By: SecureState R&D Team sasquatch www.securestate.com Background: ----------- SQL injection has previously been discovered http://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regular users' passwords in the database...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...
CVE-2004-2509
Cross-site scripting XSS vulnerabilities in 1 calendar.php, 2 login.php, and 3 online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2004-2510
CVE-2004-2510 represents a cross-site scripting vulnerability in Infopop UBB.Threads, tracked with multiple sources. The flaw resides in showflat.php and can be triggered via the Cat parameter, allowing injection of arbitrary script/HTML. Affected products are Infopop UBB.Threads prior to version...
CVE-2005-2057
Multiple cross-site scripting XSS vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the 1 Searchpage parameter to dosearch.php, 2 Number, 3 what, or 4 page parameter to newreply.php, 5 Number, 6 Board, or 7 what parameter to...
CVE-2005-2058
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to 1 download.php, 2 modifypost.php, 3 mailthread.php, or 4 notifymod.php, 5 month or 6 year parameter to calendar.php, 7 message...
CVE-2005-2059
Multiple cross-site request forgery CSRF vulnerabilities in 1 addaddress.php, 2 toggleignore.php, 3 removeignore.php, and 4 removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag...
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in 1 toggleshow.php, 2 togglecats.php, and 3 showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...
CVE-2005-2061
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null %00 byte...
CVE-2005-2057
The CVE-2005-2057 entry concerns Infopop UBB.Threads prior to version 6.5.2 Beta, with multiple reflected cross-site scripting (XSS) vulnerabilities. The NVD description specifies specific injectable parameters across several scripts: (1) dosearch.php (Searchpage), (2) Number, (3) what, or (4) pa...
CVE-2005-2058
Infopop UBB.Threads (before 6.5.2 Beta) is affected by multiple SQL injection vulnerabilities in user-supplied parameters across several PHP scripts (download.php, modifypost.php, mailthread.php, notifymod.php, calendar.php, viewmessage.php, addfav.php, grabnext.php). Root cause: insufficient inp...
CVE-2005-2059
Infopop UBB.Threads is affected by multiple CSRF vulnerabilities in addaddress.php, toggleignore.php, removeignore.php, and removeaddress.php, prior to version 6.5.2 Beta. The issue allows remote attackers to modify settings as another user via a link or IMG tag. The CVE entry provides this as th...
CVE-2005-2060
Infopop UBB.Threads (before 6.5.2 Beta) is affected by HTTP Response Splitting in three scripts (toggleshow.php, togglecats.php, showprofile.php) via CRLF sequences in the Cat parameter. Root cause: insufficient input validation leads to remote spoofing of content and potential web-cache poisonin...