CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
• http://securityreason.com/securityalert/1138
• http://www.securityfocus.com/archive/1/437875/100/0/threaded

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation.
• http://securityreason.com/securityalert/1138
• http://www.securityfocus.com/archive/1/437875/100/0/threaded

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB.
• http://securityreason.com/securityalert/1138
• http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt
• http://www.securityfocus.com/archive/1/437875/100/0/threaded

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 1

Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php.
• http://marc.info/?l=bugtraq&m=111893777504821&w=2
• http://secunia.com/advisories/15732

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.
• http://marc.info/?l=bugtraq&m=111893777504821&w=2
• http://secunia.com/advisories/15732