Lucene search

K
InfopopUltimate Bulletin Board

8 matches found

CVE
CVE
added 2002/02/02 5:0 a.m.42 views

CVE-2001-0897

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

5CVSS6.7AI score0.0117EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.37 views

CVE-2005-1199

SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.

7.5CVSS7.2AI score0.00359EPSS
CVE
CVE
added 2023/04/27 9:15 p.m.37 views

CVE-2022-25091

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.

5.3CVSS5.4AI score0.00123EPSS
CVE
CVE
added 2002/03/25 5:0 a.m.36 views

CVE-2002-0118

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

7.5CVSS7.3AI score0.03062EPSS
CVE
CVE
added 2016/10/17 4:0 a.m.34 views

CVE-2003-0587

Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.

6.9CVSS6.3AI score0.00137EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.33 views

CVE-1999-0854

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

5CVSS7.2AI score0.00647EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.33 views

CVE-2000-0141

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

10CVSS7.6AI score0.02467EPSS
CVE
CVE
added 2002/05/16 4:0 a.m.31 views

CVE-2002-0223

Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 through 5.0.9 allows remote attackers to upload arbitrary files by using a filename that contains an accepted extension, but ends in a different extension.

7.5CVSS7.3AI score0.00861EPSS