CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2004-0291 – YABB SE 1.5 - 'Quote' SQL Injection
https://notcve.org/view.php?id=CVE-2004-0291
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. Vulnerabilidad de inyección de SQL en post.php de YaBB SE 1.5.4 y 1.5.5 permite a atacantes remotos obtener el resumen digital (hash) de contraseñas. • https://www.exploit-db.com/exploits/23710 http://marc.info/?l=bugtraq&m=107696318522985&w=2 http://www.securityfocus.com/bid/9674 https://exchange.xforce.ibmcloud.com/vulnerabilities/15224 •
CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 2CVE-2004-0344 – YaBB SE 1.5.x - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2004-0344
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. • https://www.exploit-db.com/exploits/23774 http://marc.info/?l=bugtraq&m=107816202813083&w=2 http://www.securityfocus.com/bid/9774 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2CVE-2004-1827 – YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1827
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. • https://www.exploit-db.com/exploits/23812 http://marc.info/?l=bugtraq&m=107936800226430&w=2 http://marc.info/?l=bugtraq&m=107948064923981&w=2 http://secunia.com/advisories/11128 http://securitytracker.com/id?1009427 http://www.securityfocus.com/bid/9873 http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233 https://exchange.xforce.ibmcloud.com/vulnerabilities/15488 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1277
https://notcve.org/view.php?id=CVE-2003-1277
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html • http://www.iss.net/security_center/static/10989.php http://www.iss.net/security_center/static/10990.php http://www.securiteam.com/unixfocus/5BP051F8VE.html http://www.securiteam.com/unixfocus/5BP061F8US.html •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0275
https://notcve.org/view.php?id=CVE-2003-0275
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. SSI.php en YaBB SE 1.5.2 permite que atacantes remotos ejecuten código PHP arbitrario modificando el parámetro "sourcedir" para referenciar una URL en un servidor web remoto que contiene el código. • http://marc.info/?l=bugtraq&m=105249980809988&w=2 •