Ultimate Php Board

Ultimate Php Board

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-2004

Exploit
  • EPSS 0.35%
  • Veröffentlicht 17.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id p...

5

CVE-2005-2030

Exploit
  • EPSS 1.55%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.

5

CVE-2005-2005

  • EPSS 0.31%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users...

5

CVE-2005-2003

  • EPSS 0.35%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message.

7.5

CVE-2005-1616

  • EPSS 0.64%
  • Veröffentlicht 16.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.

7.5

CVE-2005-1615

  • EPSS 0.32%
  • Veröffentlicht 16.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.

6.8

CVE-2005-1614

Exploit
  • EPSS 0.52%
  • Veröffentlicht 16.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.

4.6

CVE-2002-1821

  • EPSS 0.21%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.

5

CVE-2002-2322

  • EPSS 0.48%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.

5

CVE-2002-2276

Exploit
  • EPSS 0.31%
  • Veröffentlicht 31.12.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.