CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 3CVE-2004-2403
https://notcve.org/view.php?id=CVE-2004-2403
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. • http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html http://secunia.com/advisories/12593 http://www.osvdb.org/10243 http://www.securityfocus.com/bid/11214 https://exchange.xforce.ibmcloud.com/vulnerabilities/17453 •
CVSS: 4.3EPSS: 1%CPEs: 10EXPL: 3CVE-2004-2402
https://notcve.org/view.php?id=CVE-2004-2402
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. • http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html http://secunia.com/advisories/12593 http://www.osvdb.org/10242 http://www.securityfocus.com/bid/11215 https://exchange.xforce.ibmcloud.com/vulnerabilities/17452 •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 3CVE-2002-0117 – YaBB 9.1.2000 - Cross-Agent Scripting
https://notcve.org/view.php?id=CVE-2002-0117
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. Vulnerabilidad Cross-site todavía en el Bulletin Board de (YaBB) 1 Gold SP 1 y anteriores permite a atacantes remotos ejecutar scripts arbitrarios y cookiess de robo vía un mensaje que contiene Javascript codificado en una etiqueta IMG. • https://www.exploit-db.com/exploits/21208 http://online.securityfocus.com/archive/1/249031 http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828 http://www.iss.net/security_center/static/7840.php http://www.osvdb.org/2019 http://www.yabbforum.com •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2000-1176 – YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2000-1176
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field. • https://www.exploit-db.com/exploits/20387 http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html http://www.securityfocus.com/bid/1921 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2000-0853 – YaBB 9.1.2000 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2000-0853
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20218 http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html http://www.securityfocus.com/bid/1668 https://exchange.xforce.ibmcloud.com/vulnerabilities/5254 •