20 matches found
CVE-2006-2568
UBB.threads vulnerability CVE-2006-2568 is a remote file inclusion in addpost_newpoll.php, where the thispath parameter is consumed by PHP include() without proper sanitization. Affected versions are UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial). Exploitation can enable an attacker to view ar...
CVE-2006-5137
CVE-2006-5137 affects Groupee UBB.threads 6.5.1.1 and enables remote PHP code injection through multiple vectors: (1) theme[] via admin/doedittheme.php into includes/theme.inc.php; (2) config[] via admin/doeditconfig.php into includes/config.inc.php; and (3) a URL in config[path] exploited to run...
CVE-2005-2060
Infopop UBB.Threads (before 6.5.2 Beta) is affected by HTTP Response Splitting in three scripts (toggleshow.php, togglecats.php, showprofile.php) via CRLF sequences in the Cat parameter. Root cause: insufficient input validation leads to remote spoofing of content and potential web-cache poisonin...
CVE-2005-0726
The CVE-2005-0726 entry concerns UBB.threads 6.0, where the editpost.php script is vulnerable to SQL injection via the Number parameter. The root cause is insufficient sanitization in editpost.php, allowing a remote attacker to execute arbitrary SQL commands. Impact includes potential data exposu...
CVE-2004-1622
UBB.threads 3.4.x is affected by a SQL injection in dosearch.php triggered via the Name parameter. The vulnerability allows remote attackers to execute arbitrary SQL statements on the back-end database. The CVE entry identifies the affected component as dosearch.php within UBB.threads and notes t...
CVE-2005-2057
The CVE-2005-2057 entry concerns Infopop UBB.Threads prior to version 6.5.2 Beta, with multiple reflected cross-site scripting (XSS) vulnerabilities. The NVD description specifies specific injectable parameters across several scripts: (1) dosearch.php (Searchpage), (2) Number, (3) what, or (4) pa...
CVE-2005-2059
Infopop UBB.Threads is affected by multiple CSRF vulnerabilities in addaddress.php, toggleignore.php, removeignore.php, and removeaddress.php, prior to version 6.5.2 Beta. The issue allows remote attackers to modify settings as another user via a link or IMG tag. The CVE entry provides this as th...
CVE-2006-2675
The CVE-2006-2675 entry concerns PHP remote file inclusion in the UBBThreads product (versions 5.x and 6.x). The vulnerability arises from using unsanitized input in the thispath and configdir parameters of ubbt.inc.php, allowing an attacker to cause arbitrary PHP code execution by supplying a cr...
CVE-2004-2510
CVE-2004-2510 represents a cross-site scripting vulnerability in Infopop UBB.Threads, tracked with multiple sources. The flaw resides in showflat.php and can be triggered via the Cat parameter, allowing injection of arbitrary script/HTML. Affected products are Infopop UBB.Threads prior to version...
CVE-2004-2509
Infopop UBB.Threads exposes XSS in multiple pages. Affected versions include 6.2.3 and 6.5, with vulnerable scripts calendar.php, login.php, and online.php. The underlying issue is cross-site scripting via the Cat parameter, enabling remote attackers to inject arbitrary script/HTML into a user’s ...
CVE-2005-2058
Infopop UBB.Threads (before 6.5.2 Beta) is affected by multiple SQL injection vulnerabilities in user-supplied parameters across several PHP scripts (download.php, modifypost.php, mailthread.php, notifymod.php, calendar.php, viewmessage.php, addfav.php, grabnext.php). Root cause: insufficient inp...
CVE-2008-6970
CVE-2008-6970 affects UBB.threads 7.3.1 and earlier, via dosearch.inc.php. The vulnerability is an SQL injection in the Forum[] array parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected file/parameter and the resulting imp...
CVE-2012-5104
CVE-2012-5104 affects the web forum component UBB.threads (7.5.6 and earlier). The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter. The connected records confirm the affected product/version and th...
CVE-2006-2755
CVE-2006-2755 is a cross-site scripting (XSS) vulnerability affecting UBBThreads 5.x and earlier, where the index.php script uses the debug parameter insecurely. The underlying issue is unsafely handling the debug input in UBBThreads, enabling remote attackers to inject arbitrary web script or HT...
CVE-2006-5136
UBB.threads 6.5.1.1 contains multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php that allow remote attackers to execute arbitrary PHP code via a URL provided to GLOBALS[thispath] or GLOBALS[configdir]. Root cause is improper handling of user-supplied URLs in these globals. The CVE ...
CVE-2006-5138
CVE-2006-5138 affects Groupee UBB.threads 6.5.1.1. The vulnerability allows remote attackers to obtain sensitive information via a direct request to cron/php/subscriptions.php, which reveals the installation path in an error message. This is an information disclosure issue reported in multiple sou...
CVE-2007-1956
The CVE-2007-1956 entry describes an SQL injection in ubbthreads.php of Groupee UBB.threads
CVE-2006-0545
The CVE-2006-0545 entry describes an SQL injection in showflat.php of UBB.threads (Groupee, formerly Infopop) version 6.3 and earlier. The vulnerability allows remote attackers to craft the Number parameter to execute arbitrary SQL commands, enabling potential data disclosure or modification. Aff...
CVE-2005-2061
CVE-2005-2061 affects Infopop UBB.Threads prior to 6.5.2 Beta. The issue is a remote file inclusion via the language parameter stored in a cookie, followed by a null (%00) byte, enabling an attacker to include arbitrary files. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network ...
CVE-2006-1423
CVE-2006-1423 corresponds to a SQL injection vulnerability in showflat.php of UBB.threads (versions 5.5.1, 6.0 br5, 6.0.1, 6.0.2 and earlier). The issue allows remote attackers to inject arbitrary SQL through the Number parameter, enabling potential unauthorized database access. Connected sources...