CVE-2005-2061 | Vulnerability Database | Aqua Security

Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.

Affected Software

Name	Vendor	Start Version	End Version
Ubb.threads	Ubbcentral	6.0 (including)	6.0 (including)
Ubb.threads	Ubbcentral	6.0.1 (including)	6.0.1 (including)
Ubb.threads	Ubbcentral	6.0.2 (including)	6.0.2 (including)
Ubb.threads	Ubbcentral	6.0.3 (including)	6.0.3 (including)
Ubb.threads	Ubbcentral	6.1 (including)	6.1 (including)
Ubb.threads	Ubbcentral	6.1.1 (including)	6.1.1 (including)
Ubb.threads	Ubbcentral	6.2 (including)	6.2 (including)
Ubb.threads	Ubbcentral	6.2.1 (including)	6.2.1 (including)
Ubb.threads	Ubbcentral	6.2.2 (including)	6.2.2 (including)
Ubb.threads	Ubbcentral	6.2.3 (including)	6.2.3 (including)
Ubb.threads	Ubbcentral	6.3 (including)	6.3 (including)
Ubb.threads	Ubbcentral	6.3.1 (including)	6.3.1 (including)
Ubb.threads	Ubbcentral	6.4 (including)	6.4 (including)
Ubb.threads	Ubbcentral	6.4.1 (including)	6.4.1 (including)
Ubb.threads	Ubbcentral	6.4.2 (including)	6.4.2 (including)
Ubb.threads	Ubbcentral	6.4.3 (including)	6.4.3 (including)
Ubb.threads	Ubbcentral	6.4.4 (including)	6.4.4 (including)
Ubb.threads	Ubbcentral	6.5 (including)	6.5 (including)
Ubb.threads	Ubbcentral	6.5.1 (including)	6.5.1 (including)
Ubb.threads	Ubbcentral	6.5.1.1 (including)	6.5.1.1 (including)

References

http://marc.info/?l=bugtraq\u0026m=111963737202040\u0026w=2
http://www.gulftech.org/?node=research\u0026article_id=00084-06232005
http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351
http://marc.info/?l=bugtraq\u0026m=111963737202040\u0026w=2
http://www.gulftech.org/?node=research\u0026article_id=00084-06232005
http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2061
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html