CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2139
https://notcve.org/view.php?id=CVE-2004-2139
31 Dec 2004 — Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl. • http://secunia.com/advisories/12609 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2140
https://notcve.org/view.php?id=CVE-2004-2140
31 Dec 2004 — CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. • http://secunia.com/advisories/12609 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3CVE-2004-2402
https://notcve.org/view.php?id=CVE-2004-2402
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. • http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 3CVE-2004-2403
https://notcve.org/view.php?id=CVE-2004-2403
31 Dec 2004 — Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. • http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1662
https://notcve.org/view.php?id=CVE-2004-1662
25 Aug 2004 — YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. • http://echo.or.id/adv/adv05-y3dips-2004.txt •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2004-1982
https://notcve.org/view.php?id=CVE-2004-1982
03 May 2004 — Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. • http://marc.info/?l=bugtraq&m=108360430703935&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2004-0291 – YABB SE 1.5 - 'Quote' SQL Injection
https://notcve.org/view.php?id=CVE-2004-0291
18 Mar 2004 — SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. Vulnerabilidad de inyección de SQL en post.php de YaBB SE 1.5.4 y 1.5.5 permite a atacantes remotos obtener el resumen digital (hash) de contraseñas. • https://www.exploit-db.com/exploits/23710 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2004-0343 – YaBB SE 1.5.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-0343
18 Mar 2004 — Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. • https://www.exploit-db.com/exploits/23775 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2004-0344 – YaBB SE 1.5.x - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2004-0344
18 Mar 2004 — Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. • https://www.exploit-db.com/exploits/23774 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2004-1827 – YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1827
15 Mar 2004 — Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. • https://www.exploit-db.com/exploits/23812 •