Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-3204
Ultimate PHP Board (UPB) 1.9.6 and previous versions uses a cryptographically weak block cipher with a large key collision space, which allows remote malicious users to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, whi...
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
Ultimate Php Board Ultimate Php Board 1.9
5
CVSSv2
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and previous versions allows remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CG...
Ultimate Php Board Ultimate Php Board 1.9
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
5
CVSSv2
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) prior to 5.47e allows remote malicious users to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
Infopop Ultimate Bulletin Board 5.07
Infopop Ultimate Bulletin Board 2.11
Infopop Ultimate Bulletin Board 3.0
Infopop Ultimate Bulletin Board 3.01
Infopop Ultimate Bulletin Board 3.02
Infopop Ultimate Bulletin Board 3.5
Infopop Ultimate Bulletin Board 3.6
Infopop Ultimate Bulletin Board 3.7
Infopop Ultimate Bulletin Board 3.75
Infopop Ultimate Bulletin Board 4.0
Infopop Ultimate Bulletin Board 4.01
Infopop Ultimate Bulletin Board 4.02
Infopop Ultimate Bulletin Board 4.03
Infopop Ultimate Bulletin Board 4.04
Infopop Ultimate Bulletin Board 4.05
Infopop Ultimate Bulletin Board 4.06
Infopop Ultimate Bulletin Board 4.07
Infopop Ultimate Bulletin Board 4.50
Infopop Ultimate Bulletin Board 4.51
Infopop Ultimate Bulletin Board 4.52
Infopop Ultimate Bulletin Board 4.53
Infopop Ultimate Bulletin Board 4.75
4.6
CVSSv2
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
Ultimate Php Board Ultimate Php Board 1.0 Beta
Ultimate Php Board Ultimate Php Board 1.0
7.5
CVSSv2
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote malicious users to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Infopop Ultimate Bulletin Board 5.4.7e
Infopop Ultimate Bulletin Board 6.0
Infopop Ultimate Bulletin Board 6.0.1
Infopop Ultimate Bulletin Board 6.0.4f
Infopop Ultimate Bulletin Board 6.0beta
Infopop Ultimate Bulletin Board 5.43
Infopop Ultimate Bulletin Board 6.2.0 Beta Release 1.0
Infopop Ultimate Bulletin Board 6.0.2
Infopop Ultimate Bulletin Board 6.0.3
1 EDB exploit
7.5
CVSSv2
CVE-2006-6381
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
6.8
CVSSv2
CVE-2006-6380
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote malicious users to inject arbitrary web script or HTML via the keyword parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
4.3
CVSSv2
CVE-2006-0217
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the ...
Ultimate Auction Ultimate Auction 3.67
2 EDB exploits
NA
CVE-2023-2812
The Ultimate Dashboard WordPress plugin prior to 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Ultimate Dashboard Project Ultimate Dashboard
3.5
CVSSv2
CVE-2021-24817
The Ultimate NoFollow WordPress plugin up to and including 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
Ultimate Nofollow Project Ultimate Nofollow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »