196 matches found
CVE-2006-3205
CVE-2006-3205 affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier. The issue stems from cookie-based authentication where parameters such as user_env , pass_env , power_env , and id_env can be modified to create a persistent logon that does not vary across sessions. This enables remote at...
CVE-2006-3204
CVE-2006-3204 affects Ultimate PHP Board (UPB) up to version 1.9.6. The underlying issue is a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key when given the plaintext (password sent at login) and the cipher...
CVE-2006-3203
The CVE-2006-3203 vulnerability affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier, where a default administrator login and password exist. This root cause enables remote attackers to gain privileges (high impact) without authentication. Affected component: UPB installation process inclu...
CVE-2006-3208
CVE-2006-3208 affects Ultimate PHP Board (UPB) up to version 1.9.6. The issue is a direct static code injection vulnerability that allows remote authenticated administrators to execute arbitrary PHP code via multiple configuration fields stored in admin_chatconfig.php, admin_configcss.php, admin_...
PT-2006-4098 Ā· Upb Ā· Ultimate Php Board
Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.9.6 and earlier Description: The issue concerns a default administrator login account and password included in the installation of the software, allowing remote attackers to gain privileges. Recommendations:...
PT-2006-4103 Ā· Upb Ā· Ultimate Php Board
Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.9.6 and earlier Description: The issue allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified configuration fields in admin chatconfig.php, admin configcss.php, admi...
PT-2006-4100 Ā· Upb Ā· Ultimate Php Board
Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.9.6 and earlier Description: The issue allows remote attackers to gain access by modifying certain parameters in a cookie. These parameters, including user env, pass env, power env, and id env, can be exploit...
PT-2006-4099 Ā· Upb Ā· Ultimate Php Board
Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.9.6 and earlier Description: The issue allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext. This is achieved by obtaining the plaintext password, which is sent wh...
Ultimate PHP Board <= 1.96 GOLD Multiple Vulnerabilities Exploit
Exploit for unknown platform in category web applications ================================================================ Ultimate PHP Board "; $ikey = ordsubstr$key, $i, 1; // print $i."ikey:".$ikey.""; $itext = ordsubstr$text, $i, 1; // print $i."itext:".$itext.""; $nkey = ordsubstr$key, $i+1...
Ultimate PHP Board 1.96 GOLD - Multiple Vulnerabilities
Ultimate PHP Board 1.96 GOLD - Multiple Vulnerabilities "; $ikey = ordsubstr$key, $i, 1; // print $i."i...
Ultimate PHP Board multiple XSS vulnerabilities
The remote version of Ultimate PHP Board UPB is affected by several cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a...
Ultimate PHP Board 'users.dat' Information Disclosure Vulnerability
Ultimate PHP Board UPB is prone to an information disclosure vulnerability SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ultimate PHP Board Information Leak
The remote host is running Ultimate PHP Board UPB. There is a flaw in this version which may allow an attacker to view private message board information. OpenVAS Vulnerability Test $Id: upbinfoleak.nasl 5780 2017-03-30 07:37:12Z cfi $ Description: Ultimate PHP Board Information Leak Authors: Erik...
Ultimate PHP Board Information Leak
The remote host is running Ultimate PHP Board UPB. There is a flaw in this version which may allow an attacker to view private message board information. SPDX-FileCopyrightText: 2004 Edgeos, Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Ultimate PHP Board 1.9.6 GOLD Multiple Scripts XSS (2)
The remote host is running Ultimate PHP Board UPB. The remote version of this software is affected by several cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. %NASLMINLEVEL 70300 This script was written by Josh...
UltimatePHPBoard.txt
Ultimate PHP Board UPB Security Advisory By : Morinex e-mail : morinexatmarocmafia com date : 13-05-2k5 shoutz : w00pie.nl Target : Ultimate PHP Board UPB Vulnerable Versions: v. 1.8 until v 1.9.6 URL : http://www.myupb.com - http://www.myupb.com/forum/ Tested Localhost , Myupb.com. UPB is a...
CVE-2002-1821
Ultimate PHP Board UPB 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to 1 adminmembers.php, 2 adminconfig.php, 3 admincat.php, or 4 adminforum.php...
CVE-2002-1820
register.php in Ultimate PHP Board UPB 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."...
CVE-2002-1821
Affected software: Ultimate PHP Board (UPB) 1.0 and 1.0b. Vulnerability: Remote authenticated users can gain privileges and perform unauthorized actions by making direct requests to specific admin pages: admin_members.php, admin_config.php, admin_cat.php, and admin_forum.php. Root cause/impact: T...
CVE-2002-1820
The CVE-2002-1820 entry concerns Ultimate PHP Board (UPB) versions 1.0 and 1.0b where register.php uses an administrative account named Admin (capital A) but allows a remote attacker to impersonate the administrator by registering a user named admin (lowercase a). The root cause is inconsistent c...