CVE-2004-1622

SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.

CVE-2005-0726

SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.

CVE-2005-2058

Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) m...

CVE-2007-1956

SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.

CVE-2008-6970

SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

CVE-2006-5136

Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.

CVE-2006-0545

SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.