Shodan
Vulnerabilities
Vulnerable Software
Ubbcentral:  >> Ubb.threads  Security Vulnerabilities
CVE-2006-0545
SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2006-02-04
CVE-2005-2057
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.
CVSS Score
6.8
EPSS Score
0.012
Published
2005-06-29
CVE-2005-2058
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-06-29
CVE-2005-2059
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
CVSS Score
6.5
EPSS Score
0.005
Published
2005-06-29
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-06-29
CVE-2005-2061
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-06-29
CVE-2005-0726
SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2005-05-02
CVE-2004-2509
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
CVSS Score
4.3
EPSS Score
0.013
Published
2004-12-31
CVE-2004-2510
Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.
CVSS Score
4.3
EPSS Score
0.029
Published
2004-12-31
CVE-2004-1622
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2004-10-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved