Max CVSS 10.0 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2006-3205 5.0
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.
14-02-2024 - 01:17 24-06-2006 - 01:06
CVE-2006-3208 6.5
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_c
14-02-2024 - 01:17 24-06-2006 - 01:06
CVE-2006-3203 10.0
The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.
14-02-2024 - 01:17 24-06-2006 - 01:06
CVE-2006-3204 5.0
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext
14-02-2024 - 01:17 24-06-2006 - 01:06
CVE-2006-3207 5.0
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injec
18-10-2018 - 16:46 24-06-2006 - 01:06
CVE-2006-3206 5.0
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
18-10-2018 - 16:46 24-06-2006 - 01:06
Back to Top Mark selected
Back to Top