Vulnerabilities > Yabb > Yabb
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2013-2057 | Unrestricted Upload of File with Dangerous Type vulnerability in Yabb 2.5.2 YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | 7.5 |
| 2007-06-20 | CVE-2007-3295 | Local File Include vulnerability in YABB Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. | 6.5 |
| 2006-08-16 | CVE-2006-4157 | Cross-Site Scripting vulnerability in YaBBSE Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. network yabb | 6.8 |
| 2006-06-28 | CVE-2006-3275 | SQL Injection vulnerability in Yabb 1.5.1/1.5.2/1.5.4 SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. | 7.5 |
| 2005-12-20 | CVE-2005-4426 | HTML Injection vulnerability in YaBB Image Upload Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | 4.0 |
| 2005-07-18 | CVE-2005-2296 | Information Disclosure vulnerability in Yabb 1.5.5C YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | 5.0 |
| 2005-05-02 | CVE-2005-0785 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. network yabb | 4.3 |
| 2005-03-08 | CVE-2005-0741 | Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1 Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. network yabb | 4.3 |
| 2004-12-31 | CVE-2004-2403 | Unspecified vulnerability in Yabb Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. | 10.0 |
| 2004-12-31 | CVE-2004-2402 | Cross-Site Scripting vulnerability in YaBB YaBB.pl IMSend Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. network yabb | 4.3 |