167 matches found
UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force
!/usr/bin/perl use LWP::UserAgent; UBB.Threads 6.2. - 6.3. exploit with one char brute technique by 1dt.w0lf // r57 $path = $ARGV0; $username = $ARGV1; $snum = 1; $n=0; $|++; if @ARGV 2 print "Please wait...\r\n"; print ""; while1 &found0,122; 0 if $char=="0" print "\r\n\r\n";...
UBB.threads dosearch.php SQL injection
There is a SQL injection issue in the remote version of UBB.threads that may allow an attacker to execute arbitrary SQL statements on the remote host and potentially overwrite arbitrary files there by sending a malformed value to the 'Name' argument of the file 'dosearch.php'. %NASLMINLEVEL 70300...
CVE-2004-1622
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter...
UBBCentral UBB.Threads 3.4/3.5 - 'Dosearch.php' SQL Injection
source: https://www.securityfocus.com/bid/11502/info It is reported that UBBCentral UBB.threads is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. Because of this, a malicious user may influence database...
CVE-2002-0223
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension...
CVE-2002-0223
CVE-2002-0223 affects Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9. The vulnerability allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension but ends with a different, non-accepted extension. The issue is a fi...
CVE-2002-0223
Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension...