Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2755

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2755
Last Modified 05 Sep 2008 05:05:21
Published 01 Jun 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2755

Summary

Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.

Vulnerable Systems

Application

  • Ubbcentral Ubb.threads 5.0

  • Ubbcentral Ubb.threads 5.5.1

  • Ubbcentral Ubb.threads 6.0

  • Ubbcentral Ubb.threads 6.0.1

  • Ubbcentral Ubb.threads 6.0.2

  • Ubbcentral Ubb.threads 6.0.3

  • Ubbcentral Ubb.threads 6.1

  • Ubbcentral Ubb.threads 6.1.1

  • Ubbcentral Ubb.threads 6.2

  • Ubbcentral Ubb.threads 6.2.1

  • Ubbcentral Ubb.threads 6.2.2

  • Ubbcentral Ubb.threads 6.2.3

  • Ubbcentral Ubb.threads 6.3

  • Ubbcentral Ubb.threads 6.3.1

  • Ubbcentral Ubb.threads 6.4

  • Ubbcentral Ubb.threads 6.4.1

  • Ubbcentral Ubb.threads 6.4.2

  • Ubbcentral Ubb.threads 6.4.3

  • Ubbcentral Ubb.threads 6.4.4

  • Ubbcentral Ubb.threads 6.5

  • Ubbcentral Ubb.threads 6.5.1

  • Ubbcentral Ubb.threads 6.5.1.1

  • Ubbcentral Ubb.threads 6.5.2

  • Ubbcentral Ubb.threads 6.5.2 Beta2

  • Ubbcentral Ubb.threads 6.5.3


References

BID - 18152

BUGTRAQ - 20060529 UBBThreads 5.x,6.x md5 hash disclosure

BUGTRAQ - 20060528 Advisory: UBBThreads 5.x,6.x Multiple File InclusionVulnerabilities.

MISC - http://www.nukedx.com/?viewdoc=40

XF - ubbthreads-index-xss(26870)

SREASON - 1007


Last Updated: 27 May 2016 10:42:44