Vulnerabilities > Yabb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-20 | CVE-2007-3295 | Local File Include vulnerability in YABB Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. | 6.5 |
| 2006-08-16 | CVE-2006-4157 | Cross-Site Scripting vulnerability in YaBBSE Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. network yabb | 6.8 |
| 2005-12-20 | CVE-2005-4426 | HTML Injection vulnerability in YaBB Image Upload Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | 4.0 |
| 2005-07-18 | CVE-2005-2296 | Information Disclosure vulnerability in Yabb 1.5.5C YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | 5.0 |
| 2005-05-02 | CVE-2005-0785 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network yabb | 4.3 |
| 2005-03-08 | CVE-2005-0741 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. network yabb | 4.3 |
| 2004-12-31 | CVE-2004-2402 | Cross-Site Scripting vulnerability in YaBB YaBB.pl IMSend Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. network yabb | 4.3 |
| 2004-11-23 | CVE-2004-0344 | Input Validation vulnerability in Yabb 1.5.5/1.5.5B Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. | 6.4 |
| 2004-11-23 | CVE-2004-0291 | SQL Injection vulnerability in YABB SE Quote Parameter SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. | 5.0 |
| 2004-08-25 | CVE-2004-1662 | YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. | 5.0 |