196 matches found
CVE-2015-2217
Multiple cross-site scripting XSS vulnerabilities in Ultimate PHP Board aka myUPB before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 q parameter to search.php or 2 avatar parameter to profile.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ultimate PHP Board aka myUPB before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 q parameter to search.php or 2 avatar parameter to profile.php...
CVE-2015-2217
Ultimate PHP Board (UPB, also known as myUPB) is affected by multiple XSS vulnerabilities. The CVE-2015-2217 entry describes remote XSS via the q parameter in search.php or the avatar parameter in profile.php, with impact described as injection of arbitrary web script/HTML. Public sources within ...
Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting
Exploit Title : Ultimate PHP Board UPB 2.2.7 Cross Site Scripting Vulnerability CVE : CVE-2015-2217 Date : 4 March 2015 Exploit Author : CWH Underground Discovered By : ZeQ3uL Site : www.2600.in.th Vendor Homepage : http://www.myupb.com Software Link :...
Ultimate PHP Board <= 2.0 (header_simple.php) File Include Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
Ultimate PHP Board 1.9 admin_iplog.PHP Arbitrary PHP Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be...
Ultimate PHP Board <= 1.9.6 GOLD users.dat Password Decryptor
No description provided by source. !/usr/bin/perl Passwords Decrypter for UPB = 1.9.6 Related advisory: http://www.securityfocus.com/archive/1/402461/30/0/threaded Discovered and Coded by Alberto Trivero Password file is located at: http://www.example.com/upb/db/users.dat /str0ke use Getopt::Std;...
Ultimate PHP Board 2.2.7 Broken Authentication and Session Management
No description provided by source. Exploit Title : Ultimate PHP Board 2.2.7 Broken Authentication and Session Management Date : 2011.05.17 Author : i2sec - Gi bum Hong Software Link : http://sourceforge.net/projects/textmb/files/UPB/UPB%202.2.7/ Version : 2.2.7 Tested on : apache 2.2.14 | mysql...
Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13971/info Ultimate PHP Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...
PHP-Board 1.0 User Password Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to...
Ultimate PHP Board 1.8/1.9 ViewForum.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13621/info Ultimate PHP Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Ultimate PHP Board 1.0/1.1 Image Tag Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4603/info Ultimate PHP Board UPB is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Ultimate PHP Board does not filter script code from image tags. This may...
Ultimate PHP Board <= 1.96 GOLD Multiple Vulnerabilities Exploit
No description provided by source. ?php / Advisory: http://www.kliconsulting.com/users/mbrooks/UPBadvisory.rtf Vendors site: http://forum.myupb.com/ Download: http://fileserv.myupb.com/download.php?url=upb196GOLD.zip http://prdownloads.sourceforge.net/textmb/upb1.8.2.zip?download Download Mirror:...
Ultimate PHP Board <= 2.0b1 (chat/login.php) Code Execution Exploit
No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board = 2.0b1 chat/login.php Remote Code Execution Vulnerability...
Ultimate PHP Board 1.8/1.9 ViewForum.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13622/info Ultimate PHP Board is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
Ultimate PHP Board User-Agent HTTP Header Code Execution - Ver2 (CVE-2003-0395)
A code execution vulnerability has been reported in Ultimate PHP Board. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management
Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management Exploit Title : Ultimate PHP Board 2.2.7 "Broken Authentication and Session Management" Date : 2011.05.17 Author : i2sec - Gi bum Hong Software Link : http://sourceforge.net/projects/textmb/files/UPB/UPB%202.2.7/ Version :...
Cross site scripting
Cross-site scripting XSS vulnerability in Ultimate PHP Board UPB 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...
CVE-2008-6727
Cross-site scripting XSS vulnerability in Ultimate PHP Board UPB 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...
CVE-2008-6727
CVE-2008-6727 describes a cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) versions up to 2.x, specifically 2.2.2 and 2.2.1 (and earlier 2.x). The issue arises from accepting the User-Agent HTTP header without proper sanitization, enabling a remote attacker to inject arbitrary...