| Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-3205 | 5.0 |
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.
|
14-02-2024 - 01:17 | 24-06-2006 - 01:06 | |
| CVE-2006-3208 | 6.5 |
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_c
|
14-02-2024 - 01:17 | 24-06-2006 - 01:06 | |
| CVE-2006-3203 | 10.0 |
The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.
|
14-02-2024 - 01:17 | 24-06-2006 - 01:06 | |
| CVE-2006-3204 | 5.0 |
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext
|
14-02-2024 - 01:17 | 24-06-2006 - 01:06 |