Vulnerabilities > Yabb

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2403 Unspecified vulnerability in Yabb
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
network
low complexity
yabb
critical
10.0
2004-12-31 CVE-2004-2402 Cross-Site Scripting vulnerability in YaBB YaBB.pl IMSend
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter.
network
yabb
4.3
2004-12-31 CVE-2004-2140 Remote Security vulnerability in YaBB
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.
network
low complexity
yabb
5.0
2004-12-31 CVE-2004-2139 Input Validation vulnerability in YaBB 1 Gold
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.
network
low complexity
yabb
7.5
2004-11-23 CVE-2004-0344 Input Validation vulnerability in Yabb 1.5.5/1.5.5B
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a ..
network
low complexity
yabb
6.4
2004-11-23 CVE-2004-0343 Input Validation vulnerability in Yabb 1.5.4/1.5.5/1.5.5B
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
network
low complexity
yabb
critical
10.0
2004-11-23 CVE-2004-0294 Unspecified vulnerability in Yabb 1Goldsp1.3.1
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
network
low complexity
yabb
5.0
2004-11-23 CVE-2004-0291 SQL Injection vulnerability in YABB SE Quote Parameter
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
network
low complexity
yabb
5.0
2004-08-25 CVE-2004-1662 YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
network
low complexity
yabb
5.0
2004-05-03 CVE-2004-1982 Unspecified vulnerability in Yabb 1Goldsp1/1Goldsp1.2
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
network
low complexity
yabb
5.0