VYPR

Vendor CVEs

Ubbcentral

All CVEs

24 total · sorted by risk
  • CVE-2005-2059MedJun 29, 2005
    risk 0.42cvss 6.5epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

  • CVE-2008-6970Aug 13, 2009
    risk 0.04cvss epss 0.07

    SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

  • CVE-2006-2568May 24, 2006
    risk 0.04cvss epss 0.08

    PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.

  • CVE-2012-5104Sep 23, 2012
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.

  • CVE-2007-1956Apr 11, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.

  • CVE-2006-5137Oct 3, 2006
    risk 0.03cvss epss 0.02

    Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array…

  • CVE-2006-2755Jun 2, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.

  • CVE-2006-2675May 30, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.

  • CVE-2006-0545Feb 4, 2006
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.

  • CVE-2005-2058Jun 29, 2005
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to…

  • CVE-2004-2510Dec 31, 2004
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.

  • CVE-2004-2509Dec 31, 2004
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.

  • CVE-2004-1622Oct 21, 2004
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.

  • CVE-2026-54222Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by…

  • CVE-2026-54221Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link.  Because vendor contact…

  • CVE-2026-54220Jun 18, 2026
    risk 0.00cvss epss 0.00

    uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been…

  • CVE-2026-54219Jun 18, 2026
    risk 0.00cvss epss 0.00

    UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact…

  • CVE-2006-5138Oct 3, 2006
    risk 0.00cvss epss 0.01

    Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.

  • CVE-2006-5136Oct 3, 2006
    risk 0.00cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.

  • CVE-2006-1423Mar 28, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.

  • CVE-2005-2061Jun 29, 2005
    risk 0.00cvss epss 0.01

    Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.

  • CVE-2005-2057Jun 29, 2005
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number,…

  • CVE-2005-2060Jun 29, 2005
    risk 0.00cvss epss 0.01

    Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.

  • CVE-2005-0726May 2, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.