167 matches found
UBBCentral UBB.Threads 6.3 - showflat.php SQL Injection
source: https://www.securityfocus.com/bid/16520/info UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successf...
UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection
source: https://www.securityfocus.com/bid/16520/info UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise th...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...
CVE-2004-2510
CVE-2004-2510 represents a cross-site scripting vulnerability in Infopop UBB.Threads, tracked with multiple sources. The flaw resides in showflat.php and can be triggered via the Cat parameter, allowing injection of arbitrary script/HTML. Affected products are Infopop UBB.Threads prior to version...
CVE-2004-2509
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2005-2058
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message...
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter...
CVE-2005-2061
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte...
CVE-2005-2057
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to...
CVE-2005-2059
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag...
CVE-2005-2060
Infopop UBB.Threads (before 6.5.2 Beta) is affected by HTTP Response Splitting in three scripts (toggleshow.php, togglecats.php, showprofile.php) via CRLF sequences in the Cat parameter. Root cause: insufficient input validation leads to remote spoofing of content and potential web-cache poisonin...
CVE-2005-2058
Infopop UBB.Threads (before 6.5.2 Beta) is affected by multiple SQL injection vulnerabilities in user-supplied parameters across several PHP scripts (download.php, modifypost.php, mailthread.php, notifymod.php, calendar.php, viewmessage.php, addfav.php, grabnext.php). Root cause: insufficient inp...
CVE-2005-2059
Infopop UBB.Threads is affected by multiple CSRF vulnerabilities in addaddress.php, toggleignore.php, removeignore.php, and removeaddress.php, prior to version 6.5.2 Beta. The issue allows remote attackers to modify settings as another user via a link or IMG tag. The CVE entry provides this as th...
CVE-2005-2061
CVE-2005-2061 affects Infopop UBB.Threads prior to 6.5.2 Beta. The issue is a remote file inclusion via the language parameter stored in a cookie, followed by a null (%00) byte, enabling an attacker to include arbitrary files. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network ...
CVE-2005-2057
The CVE-2005-2057 entry concerns Infopop UBB.Threads prior to version 6.5.2 Beta, with multiple reflected cross-site scripting (XSS) vulnerabilities. The NVD description lists the injectable parameters across several scripts: (1) dosearch.php (Searchpage), (2) Number, (3) what, or (4) pa...