1.41

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

yabb

NVD

Published: 2002-12-31

Updated: 2024-11-20

Summary

Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.

Vulnerable Configurations

Part	Description	Count
Application	Yabb Yabb Yabb 1.40 Yabb Yabb 1.41	2

References

http://online.securityfocus.com/archive/1/296121
http://online.securityfocus.com/archive/1/296121