Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2006-3203
The installation of Ultimate PHP Board (UPB) 1.9.6 and previous versions includes a default administrator login account and password, which allows remote malicious users to gain privileges.
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
Ultimate Php Board Ultimate Php Board 1.9
445
VMScore
CVE-2006-3204
Ultimate PHP Board (UPB) 1.9.6 and previous versions uses a cryptographically weak block cipher with a large key collision space, which allows remote malicious users to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, whi...
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
Ultimate Php Board Ultimate Php Board 1.9
445
VMScore
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) prior to 5.47e allows remote malicious users to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
Infopop Ultimate Bulletin Board 5.07
Infopop Ultimate Bulletin Board 2.11
Infopop Ultimate Bulletin Board 3.0
Infopop Ultimate Bulletin Board 3.01
Infopop Ultimate Bulletin Board 3.02
Infopop Ultimate Bulletin Board 3.5
Infopop Ultimate Bulletin Board 3.6
Infopop Ultimate Bulletin Board 3.7
Infopop Ultimate Bulletin Board 3.75
Infopop Ultimate Bulletin Board 4.0
Infopop Ultimate Bulletin Board 4.01
Infopop Ultimate Bulletin Board 4.02
Infopop Ultimate Bulletin Board 4.03
Infopop Ultimate Bulletin Board 4.04
Infopop Ultimate Bulletin Board 4.05
Infopop Ultimate Bulletin Board 4.06
Infopop Ultimate Bulletin Board 4.07
Infopop Ultimate Bulletin Board 4.50
Infopop Ultimate Bulletin Board 4.51
Infopop Ultimate Bulletin Board 4.52
Infopop Ultimate Bulletin Board 4.53
Infopop Ultimate Bulletin Board 4.75
409
VMScore
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
Ultimate Php Board Ultimate Php Board 1.0 Beta
Ultimate Php Board Ultimate Php Board 1.0
755
VMScore
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote malicious users to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Infopop Ultimate Bulletin Board 5.4.7e
Infopop Ultimate Bulletin Board 6.0
Infopop Ultimate Bulletin Board 6.0.1
Infopop Ultimate Bulletin Board 6.0.4f
Infopop Ultimate Bulletin Board 6.0beta
Infopop Ultimate Bulletin Board 5.43
Infopop Ultimate Bulletin Board 6.2.0 Beta Release 1.0
Infopop Ultimate Bulletin Board 6.0.2
Infopop Ultimate Bulletin Board 6.0.3
1 EDB exploit
755
VMScore
CVE-2006-6381
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
685
VMScore
CVE-2006-6380
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote malicious users to inject arbitrary web script or HTML via the keyword parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
312
VMScore
CVE-2021-24817
The Ultimate NoFollow WordPress plugin up to and including 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
Ultimate Nofollow Project Ultimate Nofollow
NA
CVE-2023-2812
The Ultimate Dashboard WordPress plugin prior to 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Ultimate Dashboard Project Ultimate Dashboard
440
VMScore
CVE-2006-0217
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the ...
Ultimate Auction Ultimate Auction 3.67
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »