Ubbcentral: >> Ubb.threads >> 6.5.1.1 Security Vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
CVSS Score
6.5
EPSS Score
0.005
Published
2005-06-29
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-06-29
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-06-29
Page 2