Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ubb.threads | Ubbcentral | 6.5 | 6.5 |
Ubb.threads | Ubbcentral | 6.5.1 | 6.5.1 |
Ubb.threads | Ubbcentral | 6.1 | 6.1 |
Ubb.threads | Ubbcentral | 6.2.1 | 6.2.1 |
Ubb.threads | Ubbcentral | 6.0.1 | 6.0.1 |
Ubb.threads | Ubbcentral | 6.4.4 | 6.4.4 |
Ubb.threads | Ubbcentral | 6.4.3 | 6.4.3 |
Ubb.threads | Ubbcentral | 6.4.2 | 6.4.2 |
Ubb.threads | Ubbcentral | 6.4.1 | 6.4.1 |
Ubb.threads | Ubbcentral | 6.2.2 | 6.2.2 |
Ubb.threads | Ubbcentral | 6.2 | 6.2 |
Ubb.threads | Ubbcentral | 6.5.1.1 | 6.5.1.1 |
Ubb.threads | Ubbcentral | 6.0.3 | 6.0.3 |
Ubb.threads | Ubbcentral | 6.1.1 | 6.1.1 |
Ubb.threads | Ubbcentral | 6.4 | 6.4 |
Ubb.threads | Ubbcentral | 6.3.1 | 6.3.1 |
Ubb.threads | Ubbcentral | 6.0.2 | 6.0.2 |
Ubb.threads | Ubbcentral | 6.3 | 6.3 |
Ubb.threads | Ubbcentral | 6.2.3 | 6.2.3 |
Ubb.threads | Ubbcentral | 6.0 | 6.0 |