Ultraboard
by Ultrascripts
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2000-0332 | 0.04 | — | 0.08 | May 3, 2000 | UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. | ||
| CVE-2000-0426 | 0.03 | — | 0.06 | May 5, 2000 | UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. | ||
| CVE-2001-0135 | 0.00 | — | 0.00 | Mar 12, 2001 | The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. |
- CVE-2000-0332May 3, 2000risk 0.04cvss —epss 0.08
UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.
- CVE-2000-0426May 5, 2000risk 0.03cvss —epss 0.06
UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.
- CVE-2001-0135Mar 12, 2001risk 0.00cvss —epss 0.00
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.