Show filters
28 Total Results
Displaying 11-20 of 28
Sort by:
Attacker Value
Unknown

CVE-2004-2402

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.
0
0
Attacker Value
Unknown

CVE-2004-2403

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
0
0
Attacker Value
Unknown

CVE-2004-2139

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.
0
0
Attacker Value
Unknown

CVE-2004-2754

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
0
0
Attacker Value
Unknown

CVE-2004-0344

Disclosure Date: November 23, 2004 (last updated February 22, 2025)
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
0
0
Attacker Value
Unknown

CVE-2004-0343

Disclosure Date: November 23, 2004 (last updated February 22, 2025)
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
0
0
Attacker Value
Unknown

CVE-2004-0291

Disclosure Date: November 23, 2004 (last updated February 22, 2025)
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
0
0
Attacker Value
Unknown

CVE-2004-1982

Disclosure Date: May 03, 2004 (last updated February 22, 2025)
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
0
0
Attacker Value
Unknown

CVE-2004-1827

Disclosure Date: March 15, 2004 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
0
0
Attacker Value
Unknown

CVE-2003-1277

Disclosure Date: December 31, 2003 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html
0
0
View More Topics  < Previous  Next >