CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2CVE-2004-1982
https://notcve.org/view.php?id=CVE-2004-1982
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. • http://marc.info/?l=bugtraq&m=108360430703935&w=2 http://secunia.com/advisories/12609 http://www.securityfocus.com/bid/10263 http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233 https://exchange.xforce.ibmcloud.com/vulnerabilities/16050 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2004-0343 – YaBB SE 1.5.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-0343
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. • https://www.exploit-db.com/exploits/23775 http://marc.info/?l=bugtraq&m=107816202813083&w=2 http://www.securityfocus.com/bid/9774 https://exchange.xforce.ibmcloud.com/vulnerabilities/15354 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2004-0291 – YABB SE 1.5 - 'Quote' SQL Injection
https://notcve.org/view.php?id=CVE-2004-0291
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. Vulnerabilidad de inyección de SQL en post.php de YaBB SE 1.5.4 y 1.5.5 permite a atacantes remotos obtener el resumen digital (hash) de contraseñas. • https://www.exploit-db.com/exploits/23710 http://marc.info/?l=bugtraq&m=107696318522985&w=2 http://www.securityfocus.com/bid/9674 https://exchange.xforce.ibmcloud.com/vulnerabilities/15224 •
CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 2CVE-2004-0344 – YaBB SE 1.5.x - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2004-0344
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. • https://www.exploit-db.com/exploits/23774 http://marc.info/?l=bugtraq&m=107816202813083&w=2 http://www.securityfocus.com/bid/9774 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2CVE-2004-1827 – YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1827
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. • https://www.exploit-db.com/exploits/23812 http://marc.info/?l=bugtraq&m=107936800226430&w=2 http://marc.info/?l=bugtraq&m=107948064923981&w=2 http://secunia.com/advisories/11128 http://securitytracker.com/id?1009427 http://www.securityfocus.com/bid/9873 http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233 https://exchange.xforce.ibmcloud.com/vulnerabilities/15488 •