CVE-2006-3203
https://notcve.org/view.php?id=CVE-2006-3203
The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges. • http://securityreason.com/securityalert/1138 http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt http://www.securityfocus.com/archive/1/437875/100/0/threaded • CWE-255: Credentials Management Errors
CVE-2006-3206
https://notcve.org/view.php?id=CVE-2006-3206
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records. • http://securityreason.com/securityalert/1138 http://www.securityfocus.com/archive/1/437875/100/0/threaded
CVE-2006-3207
https://notcve.org/view.php?id=CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation. • http://securityreason.com/securityalert/1138 http://www.securityfocus.com/archive/1/437875/100/0/threaded
CVE-2006-3208
https://notcve.org/view.php?id=CVE-2006-3208
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. • http://securityreason.com/securityalert/1138 http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt http://www.securityfocus.com/archive/1/437875/100/0/threaded
CVE-2005-2004
https://notcve.org/view.php?id=CVE-2005-2004
Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. • http://marc.info/?l=bugtraq&m=111893777504821&w=2 http://secunia.com/advisories/15732