Yabb
by Yabb
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2140 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. |
| CVE-2004-2139 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl. |
| CVE-2004-2402 | | | 0.00 | — | 0.01 | | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. |
| CVE-2004-0294 | | | 0.00 | — | 0.02 | | Nov 23, 2004 | YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. |
| CVE-2004-1982 | | | 0.00 | — | 0.01 | | May 3, 2004 | Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. |
| CVE-2003-1277 | | | 0.00 | — | 0.01 | | Dec 31, 2003 | Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of… |
| CVE-2003-0275 | | | 0.00 | — | 0.01 | | Jun 16, 2003 | SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. |
| CVE-2002-1846 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting… |