Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ultimate vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2006-3208
Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and previous versions allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.p...
Ultimate Php Board Ultimate Php Board 1.9.6
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
Ultimate Php Board Ultimate Php Board 1.9
445
VMScore
CVE-2005-2005
Ultimate PHP Board (UPB) 1.9.6 GOLD and previous versions stores the users.dat file under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information on registered users via a direct request to db/users.dat.
Ultimate Php Board Ultimate Php Board 1.8
Ultimate Php Board Ultimate Php Board 1.8.2
Ultimate Php Board Ultimate Php Board 1.9
Ultimate Php Board Ultimate Php Board 1.9.6
445
VMScore
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) prior to 5.47e allows remote malicious users to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
Infopop Ultimate Bulletin Board 5.07
Infopop Ultimate Bulletin Board 2.11
Infopop Ultimate Bulletin Board 3.0
Infopop Ultimate Bulletin Board 3.01
Infopop Ultimate Bulletin Board 3.02
Infopop Ultimate Bulletin Board 3.5
Infopop Ultimate Bulletin Board 3.6
Infopop Ultimate Bulletin Board 3.7
Infopop Ultimate Bulletin Board 3.75
Infopop Ultimate Bulletin Board 4.0
Infopop Ultimate Bulletin Board 4.01
Infopop Ultimate Bulletin Board 4.02
Infopop Ultimate Bulletin Board 4.03
Infopop Ultimate Bulletin Board 4.04
Infopop Ultimate Bulletin Board 4.05
Infopop Ultimate Bulletin Board 4.06
Infopop Ultimate Bulletin Board 4.07
Infopop Ultimate Bulletin Board 4.50
Infopop Ultimate Bulletin Board 4.51
Infopop Ultimate Bulletin Board 4.52
Infopop Ultimate Bulletin Board 4.53
Infopop Ultimate Bulletin Board 4.75
409
VMScore
CVE-2002-1821
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
Ultimate Php Board Ultimate Php Board 1.0 Beta
Ultimate Php Board Ultimate Php Board 1.0
755
VMScore
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote malicious users to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Infopop Ultimate Bulletin Board 5.4.7e
Infopop Ultimate Bulletin Board 6.0
Infopop Ultimate Bulletin Board 6.0.1
Infopop Ultimate Bulletin Board 6.0.4f
Infopop Ultimate Bulletin Board 6.0beta
Infopop Ultimate Bulletin Board 5.43
Infopop Ultimate Bulletin Board 6.2.0 Beta Release 1.0
Infopop Ultimate Bulletin Board 6.0.2
Infopop Ultimate Bulletin Board 6.0.3
1 EDB exploit
685
VMScore
CVE-2006-6380
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote malicious users to inject arbitrary web script or HTML via the keyword parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
755
VMScore
CVE-2006-6381
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Ultimate Helpdesk Ultimate Helpdesk
1 EDB exploit
NA
CVE-2023-2812
The Ultimate Dashboard WordPress plugin prior to 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mul...
Ultimate Dashboard Project Ultimate Dashboard
440
VMScore
CVE-2006-0217
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote malicious users to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the ...
Ultimate Auction Ultimate Auction 3.67
2 EDB exploits
312
VMScore
CVE-2021-24817
The Ultimate NoFollow WordPress plugin up to and including 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks
Ultimate Nofollow Project Ultimate Nofollow
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »