Ubb.threads
by Ubbcentral
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2060 | 0.00 | — | 0.01 | Jun 29, 2005 | Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | |||
| CVE-2005-2061 | 0.00 | — | 0.01 | Jun 29, 2005 | Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | |||
| CVE-2005-2057 | 0.00 | — | 0.01 | Jun 29, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number,… | |||
| CVE-2005-0726 | 0.00 | — | 0.01 | May 2, 2005 | SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter. |
- CVE-2005-2060Jun 29, 2005risk 0.00cvss —epss 0.01
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.
- CVE-2005-2061Jun 29, 2005risk 0.00cvss —epss 0.01
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.
- CVE-2005-2057Jun 29, 2005risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number,…
- CVE-2005-0726May 2, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.
Page 2 of 2