196 matches found
CVE-2006-6790
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board UPB 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php...
CVE-2006-6790
Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board UPB 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php...
CVE-2006-6790
Summary: CVE-2006-6790 affects Ultimate PHP Board (UPB) 2.0b1 and earlier. The vulnerability is in chat/login.php where the username parameter is written to chat/text.php without proper sanitization, allowing an attacker to inject arbitrary PHP code that can be executed with the web server user p...
Ultimate PHP Board chat/login.php username Parameter Script Injection
Binary data 3872.prm...
Ultimate PHP Board <= 2.0b1 (chat/login.php) Code Execution Exploit
No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board = 2.0b1 chat/login.php Remote Code Execution Vulnerability...
Ultimate PHP Board <= 2.0b1 (chat/login.php) Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== Ultimate PHP Board 23: $filename = "text.php"; + - 24: $fileAr= file$filename; + - 25: exec"cat /dev/null '$filename'"; + - 26: $fd...
Ultimate PHP Board 2.0b1 - chatlogin.php Code Execution
Ultimate PHP Board 2.0b1 - chatlogin.php Code Execution !/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board +------------------------------------------------------------------------------------------- + Details: + Ultima...
Ultimate PHP Board 2.0b1 - '/chat/login.php' Code Execution
!/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board +------------------------------------------------------------------------------------------- + Details: + Ultimate PHP Board chat/login.php does not sanatize the...
Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit
Exploit for unknown platform in category web applications ================================================================== Ultimate PHP Board = 2.0 headersimple.php File Include Exploit ================================================================== ? print ' ::::::::: :::::::::: ::: :::...
CVE-2006-3204
Ultimate PHP Board UPB 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the...
CVE-2006-3206
register.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "NR" sequence in the signature field, which is used to separate multiple records...
CVE-2006-3203
The installation of Ultimate PHP Board UPB 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges...
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot sequence and trailing null %00 byte in the id parameter, as demonstrated by injecting a Perl CGI script using "NR" sequences in the...
CVE-2006-3208
Direct static code injection vulnerability in Ultimate PHP Board UPB 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in 1 adminchatconfig.php, 2 adminconfigcss.php, 3 adminconfig.php, or 4 adminconfig2.php,...
CVE-2006-3208
CVE-2006-3208 affects Ultimate PHP Board (UPB) up to version 1.9.6. The issue is a direct static code injection vulnerability that allows remote authenticated administrators to execute arbitrary PHP code via multiple configuration fields stored in admin_chatconfig.php, admin_configcss.php, admin_...
CVE-2006-3206
register.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "NR" sequence in the signature field, which is used to separate multiple records...
CVE-2006-3207
CVE-2006-3207 : Affected product is Ultimate PHP Board (UPB)
CVE-2006-3203
The installation of Ultimate PHP Board UPB 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges...
CVE-2006-3205
CVE-2006-3205 affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier. The issue stems from cookie-based authentication where parameters such as user_env , pass_env , power_env , and id_env can be modified to create a persistent logon that does not vary across sessions. This enables remote at...