Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0291 | 1 Yabb | 1 Yabb | 2023-12-10 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. | |||||
CVE-2004-2140 | 1 Yabb | 1 Yabb | 2023-12-10 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. | |||||
CVE-2004-2139 | 1 Yabb | 1 Yabb | 2023-12-10 | 7.5 HIGH | N/A |
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl. | |||||
CVE-2003-1277 | 1 Yabb | 1 Yabb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html | |||||
CVE-2004-1662 | 1 Yabb | 1 Yabb | 2023-12-10 | 5.0 MEDIUM | N/A |
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. | |||||
CVE-2000-0853 | 1 Yabb | 1 Yabb | 2023-12-10 | 5.0 MEDIUM | N/A |
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2002-0117 | 1 Yabb | 1 Yabb | 2023-12-10 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | |||||
CVE-2004-1827 | 2 Simple Machines, Yabb | 2 Simple Machines Smf, Yabb | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. |