Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and previous versions allows remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CG...
Ultimate Php Board Ultimate Php Board 1.9
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
578
VMScore
CVE-2006-3208
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and previous versions allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.p...
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
Ultimate Php Board Ultimate Php Board 1.9
445
VMScore
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) prior to 5.47e allows remote malicious users to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
Infopop Ultimate Bulletin Board 5.07
Infopop Ultimate Bulletin Board 2.11
Infopop Ultimate Bulletin Board 3.0
Infopop Ultimate Bulletin Board 3.01
Infopop Ultimate Bulletin Board 3.02
Infopop Ultimate Bulletin Board 3.5
Infopop Ultimate Bulletin Board 3.6
Infopop Ultimate Bulletin Board 3.7
Infopop Ultimate Bulletin Board 3.75
Infopop Ultimate Bulletin Board 4.0
Infopop Ultimate Bulletin Board 4.01
Infopop Ultimate Bulletin Board 4.02
Infopop Ultimate Bulletin Board 4.03
Infopop Ultimate Bulletin Board 4.04
Infopop Ultimate Bulletin Board 4.05
Infopop Ultimate Bulletin Board 4.06
Infopop Ultimate Bulletin Board 4.07
Infopop Ultimate Bulletin Board 4.50
Infopop Ultimate Bulletin Board 4.51
Infopop Ultimate Bulletin Board 4.52
Infopop Ultimate Bulletin Board 4.53
Infopop Ultimate Bulletin Board 4.75
409
VMScore
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
Ultimate Php Board Ultimate Php Board 1.0 Beta
Ultimate Php Board Ultimate Php Board 1.0
755
VMScore
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote malicious users to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Infopop Ultimate Bulletin Board 5.4.7e
Infopop Ultimate Bulletin Board 6.0
Infopop Ultimate Bulletin Board 6.0.1
Infopop Ultimate Bulletin Board 6.0.4f
Infopop Ultimate Bulletin Board 6.0beta
Infopop Ultimate Bulletin Board 5.43
Infopop Ultimate Bulletin Board 6.2.0 Beta Release 1.0
Infopop Ultimate Bulletin Board 6.0.2
Infopop Ultimate Bulletin Board 6.0.3
1 EDB exploit
755
VMScore
CVE-2006-6381
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
685
VMScore
CVE-2006-6380
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote malicious users to inject arbitrary web script or HTML via the keyword parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
312
VMScore
CVE-2021-24817
The Ultimate NoFollow WordPress plugin up to and including 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
Ultimate Nofollow Project Ultimate Nofollow
440
VMScore
CVE-2006-0217
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the ...
Ultimate Auction Ultimate Auction 3.67
2 EDB exploits
NA
CVE-2023-2812
The Ultimate Dashboard WordPress plugin prior to 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Ultimate Dashboard Project Ultimate Dashboard
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »