167 matches found
UBBCentral UBB.Threads 7.3.1 - 'Forum[]' Array SQL Injection
source: https://www.securityfocus.com/bid/31074/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
CVE-2007-1956
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter...
CVE-2007-1956
The CVE-2007-1956 entry describes an SQL injection in ubbthreads.php of Groupee UBB.threads
CVE-2007-1956
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter...
ubb-sql.txt
UBB.threads SQL Injection Vulnerability The variable 'C' in UBB.threads is susceptible to SQL injection. Vulnerability: http://target.com/ubbthreads.php?Cat=cat&C=' Vulnerable: UBB.threads = 6.1.1 Google d0rk: allintitle:"Forums powered by UBB.threads" John Martinelli [email protected]...
UBB.threads (<= 6.1.1) SQL Injection Vulnerability
UBB.threads SQL Injection Vulnerability The variable 'C' in UBB.threads is susceptible to SQL injection. Vulnerability: http://target.com/ubbthreads.php?Cat=cat&C=' Vulnerable: UBB.threads = 6.1.1 Google d0rk: allintitle:"Forums powered by UBB.threads" John Martinelli [email protected]...
UBBCentral UBB.Threads 6.1.1 - UBBThreads.php SQL Injection
UBBCentral UBB.Threads 6.1.1 - UBBThreads.php SQL Injection source: https://www.securityfocus.com/bid/23369/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow a...
UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection
source: https://www.securityfocus.com/bid/23369/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
UBB.threads-6.txt
Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...
CVE-2006-5138
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message...
CVE-2006-5136
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSthispath or 2 GLOBALSconfigdir parameter...
CVE-2006-5137
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to 1 inject PHP code via a theme array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; 2 inject PHP code via a config array parameter to...
CVE-2006-5136
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSthispath or 2 GLOBALSconfigdir parameter...
CVE-2006-5136
UBB.threads 6.5.1.1 contains multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php that allow remote attackers to execute arbitrary PHP code via a URL provided to GLOBALS[thispath] or GLOBALS[configdir]. Root cause is improper handling of user-supplied URLs in these globals. The CVE ...
CVE-2006-5137
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to 1 inject PHP code via a theme array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; 2 inject PHP code via a config array parameter to...
CVE-2006-5138
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message...
CVE-2006-5138
CVE-2006-5138 affects Groupee UBB.threads 6.5.1.1. The vulnerability allows remote attackers to obtain sensitive information via a direct request to cron/php/subscriptions.php, which reveals the installation path in an error message. This is a information disclosure issue reported in multiple sou...
CVE-2006-5137
CVE-2006-5137 affects Groupee UBB.threads 6.5.1.1 and enables remote PHP code injection through multiple vectors: (1) theme[] via admin/doedittheme.php into includes/theme.inc.php; (2) config[] via admin/doeditconfig.php into includes/config.inc.php; and (3) a URL in config[path] exploited to run...
UBB.threads doeditconfig Arbitrary Command Injection
The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' and 'config' parameters of the 'admin/doeditconfig.php' script before using them to update the application's configuration file. Provided PHP's 'registerglobals' setting is enabled, an unauthenticate...
UBB.threads Multiple input validation error
Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...