EUVD-2006-2674

Malware in sbrugna...

UBBCentral UBB.threads 5.5.1/6.x viewmessage.php message Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker...

UBB.threads 5.5.1 (message) Remote SQL Injection Vulnerability

No description provided by source. Discovered: 07-18-08 By: SecureState R&D Team sasquatch www.securestate.com Background: ----------- SQL injection has previously been discovered http://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regul...

UBBCentral UBB.Threads 5.5.1 - message SQL Injection

UBBCentral UBB.Threads 5.5.1 - message SQL Injection Discovered: 07-18-08 By: SecureState R&D Team sasquatch www.securestate.com Background: ----------- SQL injection has previously been discovered https://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to...

UBB.threads 5.5.1 (message) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================== UBB.threads 5.5.1 message Remote SQL Injection Vulnerability ============================================================== Background: ----------- SQL injection has previously...

Infopop UBB.Threads Admin Credentials via SQL Injection

No description provided by source. Background: ----------- SQL injection has previously been discovered \ http://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regular users' passwords in the \ database, but stores the admin users' passwor...

UBB.Threads SQL Injection

Discovered: 07-18-08 By: SecureState R&D Team sasquatch www.securestate.com Background: ----------- SQL injection has previously been discovered http://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regular users' passwords in the database...

CVE-2007-1956

SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

CVE-2006-2755

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

CVE-2006-2755

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

CVE-2006-2755

CVE-2006-2755 is a cross-site scripting (XSS) vulnerability affecting UBBThreads 5.x and earlier, where the index.php script uses the debug parameter insecurely. The underlying issue is unsafely handling the debug input in UBBThreads, enabling remote attackers to inject arbitrary web script or HT...

CVE-2006-2675

PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the 1 thispath or 2 configdir parameters...

CVE-2006-2675

The CVE-2006-2675 entry concerns PHP remote file inclusion in the UBBThreads product (versions 5.x and 6.x). The vulnerability arises from using unsanitized input in the thispath and configdir parameters of ubbt.inc.php, allowing an attacker to cause arbitrary PHP code execution by supplying a cr...

CVE-2006-2675

PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the 1 thispath or 2 configdir parameters...

UBBThreads 5.x,6.x md5 hash disclosure

UBBThreads 5.x,6.x md5 hash disclosure ------------------------------------------- Using XSS such as the one reported earlier: http://site/ubbpath/index.php?debug=xss will allow you to inject javascript and steal MD5 Hashes from: http://site/ubbpath/editbasic.php The MD5 is automatically included...

Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities.

--Security Report-- Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 27/05/06 09:44 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Infopop...

UBBThreads-md5.txt

UBBThreads 5.x,6.x md5 hash disclosure ------------------------------------------- Using XSS such as the one reported earlier: http://site/ubbpath/index.php?debug=xss will allow you to inject javascript and steal MD5 Hashes from: http://site/ubbpath/editbasic.php The MD5 is automatically included...

UBB Threads 5.x / 6.x Multiple Remote File Inclusion Vulnerabilities

No description provided by source. UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on UBBThreads 5.x,6.x Original advisory can be found at: http://www.nukedx.com/?viewdoc=40 Succesful exploitation...

UBBCentral UBB.Threads 5.x6.x - Multiple Remote File Inclusions

UBBCentral UBB.Threads 5.x6.x - Multiple Remote File Inclusions UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities Contacts ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on UBBThreads 5.x,6.x Original advisory can be found at:...