Lucene search
K

196 matches found

NVD
NVD
added 2006/12/28 12:28 a.m.20 views

CVE-2006-6790

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board UPB 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php...

7.5CVSS7.3AI score0.02215EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/12/28 12:0 a.m.18 views

CVE-2006-6790

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board UPB 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php...

7.3AI score0.02215EPSS
Exploits0References3
CVE
CVE
added 2006/12/28 12:0 a.m.63 views

CVE-2006-6790

Summary: CVE-2006-6790 affects Ultimate PHP Board (UPB) 2.0b1 and earlier. The vulnerability is in chat/login.php where the username parameter is written to chat/text.php without proper sanitization, allowing an attacker to inject arbitrary PHP code that can be executed with the web server user p...

7.5CVSS7.3AI score0.02215EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/12/27 12:0 a.m.45 views

Ultimate PHP Board chat/login.php username Parameter Script Injection

Binary data 3872.prm...

7.5CVSS7.3AI score0.02215EPSS
Exploits0References1
seebug.org
seebug.org
added 2006/12/25 12:0 a.m.33 views

Ultimate PHP Board <= 2.0b1 (chat/login.php) Code Execution Exploit

No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board = 2.0b1 chat/login.php Remote Code Execution Vulnerability...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/12/24 12:0 a.m.94 views

Ultimate PHP Board <= 2.0b1 (chat/login.php) Code Execution Exploit

Exploit for unknown platform in category web applications =================================================================== Ultimate PHP Board 23: $filename = "text.php"; + - 24: $fileAr= file$filename; + - 25: exec"cat /dev/null '$filename'"; + - 26: $fd...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/12/24 12:0 a.m.22 views

Ultimate PHP Board 2.0b1 - chatlogin.php Code Execution

Ultimate PHP Board 2.0b1 - chatlogin.php Code Execution !/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board +------------------------------------------------------------------------------------------- + Details: + Ultima...

Exploits0
Exploit DB
Exploit DB
added 2006/12/24 12:0 a.m.54 views

Ultimate PHP Board 2.0b1 - &#039;/chat/login.php&#039; Code Execution

!/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board +------------------------------------------------------------------------------------------- + Details: + Ultimate PHP Board chat/login.php does not sanatize the...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/11/06 12:0 a.m.24 views

Ultimate PHP Board &lt;= 2.0 (header_simple.php) File Include Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

7.1AI score
Exploits0
0day.today
0day.today
added 2006/11/05 12:0 a.m.21 views

Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit

Exploit for unknown platform in category web applications ================================================================== Ultimate PHP Board = 2.0 headersimple.php File Include Exploit ================================================================== ? print ' ::::::::: :::::::::: ::: :::...

7.1AI score
Exploits0
NVD
NVD
added 2006/06/24 1:6 a.m.11 views

CVE-2006-3204

Ultimate PHP Board UPB 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the...

5CVSS6.7AI score0.01811EPSS
Exploits1References3
NVD
NVD
added 2006/06/24 1:6 a.m.16 views

CVE-2006-3206

register.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "NR" sequence in the signature field, which is used to separate multiple records...

5CVSS6.9AI score0.01024EPSS
Exploits0References2
NVD
NVD
added 2006/06/24 1:6 a.m.10 views

CVE-2006-3203

The installation of Ultimate PHP Board UPB 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges...

10CVSS7AI score0.02684EPSS
Exploits1References3
NVD
NVD
added 2006/06/24 1:6 a.m.19 views

CVE-2006-3207

Directory traversal vulnerability in newpost.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot sequence and trailing null %00 byte in the id parameter, as demonstrated by injecting a Perl CGI script using "NR" sequences in the...

5CVSS6.8AI score0.01257EPSS
Exploits0References2
NVD
NVD
added 2006/06/24 1:6 a.m.15 views

CVE-2006-3208

Direct static code injection vulnerability in Ultimate PHP Board UPB 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in 1 adminchatconfig.php, 2 adminconfigcss.php, 3 adminconfig.php, or 4 adminconfig2.php,...

6.5CVSS7.5AI score0.01326EPSS
Exploits1References3
CVE
CVE
added 2006/06/24 1:0 a.m.46 views

CVE-2006-3208

CVE-2006-3208 affects Ultimate PHP Board (UPB) up to version 1.9.6. The issue is a direct static code injection vulnerability that allows remote authenticated administrators to execute arbitrary PHP code via multiple configuration fields stored in admin_chatconfig.php, admin_configcss.php, admin_...

6.5CVSS7.8AI score0.01326EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2006/06/24 1:0 a.m.17 views

CVE-2006-3206

register.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "NR" sequence in the signature field, which is used to separate multiple records...

6.9AI score0.01024EPSS
Exploits0References2
CVE
CVE
added 2006/06/24 1:0 a.m.45 views

CVE-2006-3207

CVE-2006-3207 : Affected product is Ultimate PHP Board (UPB)

5CVSS7.2AI score0.01257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2006/06/24 1:0 a.m.20 views

CVE-2006-3203

The installation of Ultimate PHP Board UPB 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges...

7AI score0.02684EPSS
Exploits1References3
CVE
CVE
added 2006/06/24 1:0 a.m.45 views

CVE-2006-3205

CVE-2006-3205 affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier. The issue stems from cookie-based authentication where parameters such as user_env , pass_env , power_env , and id_env can be modified to create a persistent logon that does not vary across sessions. This enables remote at...

5CVSS7.3AI score0.01351EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder