33 matches found
CVE-2005-2030
Ultimate PHP Board UPB 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat...
CVE-2005-2003
CVE-2005-2003 affects Ultimate PHP Board (UPB) 1.9.6 GOLD. The vulnerability lets remote attackers obtain sensitive information by supplying an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, with the resulting error message revealing the path on the server.
CVE-2005-2005
CVE-2005-2005 affects Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier. The vulnerability arises because UPB stores the users.dat file under the web document root with insufficient access control, allowing remote attackers to directly request db/users.dat and obtain sensitive user information. Rel...
UPBdecrypt.pl.txt
!/usr/bin/perl Passwords Decrypter for UPB $optf" || die "- Unable to open $optf: $!"; print RESULTS "Results for $opth\n","="x40,"\n\n"; for$in=0;$in/ && print RESULTS "Username: $1\n"; $page$in=m/^$1.?/ && print RESULTS "Crypted P...
CVE-2005-2003
Ultimate PHP Board UPB 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid zero id parameter to 1 viewtopic.php, 2 profile.php, or 3 newpost.php, which reveals the path in an error message...
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor
Ultimate PHP Board 1.9.6 GOLD - users.dat Password Decryptor !/usr/bin/perl Passwords Decrypter for UPB $optf" || die "- Unable to open $optf: $!"; print RESULTS "Results for $opth\n","="x40,"\n\n"; for$in=0;$in/ && print RESULTS "Username: $1\n"; $page$in=m/...
CVE-2005-1616
CVE-2005-1616 concerns Ultimate PHP Board (UPB). The connected docs show that UPB versions up to 1.9.6 (i.e.,
CVE-2005-1615
Ultimate PHP Board (UPB) versions 1.8 through 1.9.6 are affected by a vulnerability in viewforum.php where the postorder parameter is not properly handled by textdb.inc.php, potentially allowing remote attackers to read sensitive data via a SQL injection-like flaw. Multiple sources (CVE records a...
CVE-2005-1614
Vulnerability overview (CVE-2005-1614) : The UPB (Ultimate PHP Board) versions 1.8 through 1.9.6 are affected by a cross-site scripting (XSS) flaw in the viewforum.php script, exploitable via the postorder parameter. This can allow remote attackers to inject arbitrary script/HTML. The NVD reports...
CVE-2005-1615
viewforum.php in Ultimate PHP Board UPB 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability...
CVE-2003-0395
CVE-2003-0395 affects Ultimate PHP Board (UPB) 1.9. A remote attacker can execute arbitrary PHP code with UPB administrator privileges by sending PHP commands in the HTTP User-Agent header; code is executed when the administrator processes admin_iplog.php. The issue is caused by unsafely handling...
UPB: Discussion Board/Web-Site Takeover
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: UPB: Discussion Board/Web-Site Takeover product: Ultimate PHP Board v1.9 latest vendor: www.myupb.com risk: high date: 05/24/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/024.en.txt...
Multiple Web Security Holes
I sent this three times to webappsec but without resultats. I try so on bugtraq, although that is less appropriate. ----------------------------------------------------- Five products in PHP are vulnerable to various holes. 1 TightAuction Website : http://www.tightprices.com Tested Version : 3.0...