VYPR

Yet Another Bulletin Board

by Yabb

CVEs (2)

  • CVE-2004-0294Nov 23, 2004
    risk 0.00cvss epss 0.02

    YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.

  • CVE-2002-1846Dec 31, 2002
    risk 0.00cvss epss 0.01

    Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting…