VYPR

Yabb

by Yabb

CVEs (28)

  • CVE-2004-2140Dec 31, 2004
    risk 0.00cvss epss 0.01

    CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.

  • CVE-2004-2139Dec 31, 2004
    risk 0.00cvss epss 0.02

    Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.

  • CVE-2004-2402Dec 31, 2004
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.

  • CVE-2004-0294Nov 23, 2004
    risk 0.00cvss epss 0.02

    YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.

  • CVE-2004-1982May 3, 2004
    risk 0.00cvss epss 0.01

    Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.

  • CVE-2003-1277Dec 31, 2003
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of…

  • CVE-2003-0275Jun 16, 2003
    risk 0.00cvss epss 0.01

    SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.

  • CVE-2002-1846Dec 31, 2002
    risk 0.00cvss epss 0.01

    Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting…

Page 2 of 2