33 matches found
CVE-2008-6727
CVE-2008-6727 describes a cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) versions up to 2.x, specifically 2.2.2 and 2.2.1 (and earlier 2.x). The issue arises from accepting the User-Agent HTTP header without proper sanitization, enabling a remote attacker to inject arbitrary...
CVE-2002-2322
CVE-2002-2322 affects Ultimate PHP Board (UPB) 1.0b, where the users.dat data file is stored under the web root with insufficient access control. This exposes usernames and passwords to remote attackers via the exposed file. The vulnerability is caused by improper access control rather than code ...
CVE-2002-2322
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords...
CVE-2002-2276
Ultimate PHP Board (UPB) 1.0 exposes a path disclosure: a direct request to add.php allows remote attackers to view the physical path of the message board via the error message. This is a remote information-disclosure vulnerability (CVE-2002-2276). Exploitation details are described across multip...
CVE-2006-7169
PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter...
CVE-2006-7169
CVE-2006-7169 describes a PHP remote file inclusion in Ultimate PHP Board (UPB) 2.0 and earlier. The vulnerability affects the file includes/header_simple.php, where an attacker can cause arbitrary PHP code execution by supplying a URL in the _CONFIG[skin_dir] parameter. Public references indica...
CVE-2006-6790
Summary: CVE-2006-6790 affects Ultimate PHP Board (UPB) 2.0b1 and earlier. The vulnerability is in chat/login.php where the username parameter is written to chat/text.php without proper sanitization, allowing an attacker to inject arbitrary PHP code that can be executed with the web server user p...
CVE-2006-3205
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions...
CVE-2006-3204
CVE-2006-3204 affects Ultimate PHP Board (UPB) up to version 1.9.6. The underlying issue is a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key when given the plaintext (password sent at login) and the cipher...
CVE-2006-3208
CVE-2006-3208 affects Ultimate PHP Board (UPB) up to version 1.9.6. The issue is a direct static code injection vulnerability that allows remote authenticated administrators to execute arbitrary PHP code via multiple configuration fields stored in admin_chatconfig.php, admin_configcss.php, admin_...
CVE-2006-3204
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the...
CVE-2006-3206
The connected sources confirm CVE-2006-3206 affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier, with a vulnerability in register.php. The root cause is that the signature field uses the "[NR]" sequence to separate records, enabling remote attackers to create arbitrary user accounts. The ...
CVE-2006-3205
CVE-2006-3205 affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier. The issue stems from cookie-based authentication where parameters such as user_env, pass_env, power_env, and id_env can be modified to create a persistent logon that does not vary across sessions. This enables remote at...
CVE-2006-3203
The CVE-2006-3203 vulnerability affects Ultimate PHP Board (UPB) versions 1.9.6 and earlier, where a default administrator login and password exist. This root cause enables remote attackers to gain privileges (high impact) without authentication. Affected component: UPB installation process inclu...
Ultimate PHP Board Information Leak
The remote host is running Ultimate PHP Board (UPB). There is a flaw in this version which may allow an attacker to view private message board information. SPDX-FileCopyrightText: 2004 Edgeos, Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
[SA16144] Ultimate PHP Board Cross-Site Scripting and Script Insertion
Are you interested in a new job in IT security? Secunia has two vacancies for junior and senior IT security specialists: http://secunia.com/secuniavacancies/...
CVE-2002-1821
Affected software: Ultimate PHP Board (UPB) 1.0 and 1.0b. Vulnerability: Remote authenticated users can gain privileges and perform unauthorized actions by making direct requests to specific admin pages: admin_members.php, admin_config.php, admin_cat.php, and admin_forum.php. Root cause/impact: T...
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php...
CVE-2002-1820
The CVE-2002-1820 entry concerns Ultimate PHP Board (UPB) versions 1.0 and 1.0b where register.php uses an administrative account named Admin (capital A) but allows a remote attacker to impersonate the administrator by registering a user named admin (lowercase a). The root cause is inconsistent c...
CVE-2005-2030
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat...