CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2003
https://notcve.org/view.php?id=CVE-2005-2003
Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. • http://marc.info/?l=bugtraq&m=111893777504821&w=2 http://secunia.com/advisories/15732 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2005-2005
https://notcve.org/view.php?id=CVE-2005-2005
Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. • http://marc.info/?l=bugtraq&m=111893777504821&w=2 http://secunia.com/advisories/15732 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 2CVE-2005-2030 – Ultimate PHP Board 1.8/1.9 - Weak Password Encryption
https://notcve.org/view.php?id=CVE-2005-2030
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. • https://www.exploit-db.com/exploits/25838 http://marc.info/?l=bugtraq&m=111893777504821&w=2 http://www.securityfocus.com/bid/13975 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2005-1615 – Ultimate PHP Board 1.8/1.9 - 'viewforum.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1615
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability. • https://www.exploit-db.com/exploits/25655 http://marc.info/?l=bugtraq&m=111600262424876&w=2 http://www.securityfocus.com/bid/13622 •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 2CVE-2005-1614 – Ultimate PHP Board 1.8/1.9 - 'viewforum.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1614
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter. • https://www.exploit-db.com/exploits/25654 http://marc.info/?l=bugtraq&m=111600262424876&w=2 http://www.securityfocus.com/bid/13621 •