Page 5 of 29 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html • http://www.iss.net/security_center/static/10989.php http://www.iss.net/security_center/static/10990.php http://www.securiteam.com/unixfocus/5BP051F8VE.html http://www.securiteam.com/unixfocus/5BP061F8US.html •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. SSI.php en YaBB SE 1.5.2 permite que atacantes remotos ejecuten código PHP arbitrario modificando el parámetro "sourcedir" para referenciar una URL en un servidor web remoto que contiene el código. • http://marc.info/?l=bugtraq&m=105249980809988&w=2 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter. • https://www.exploit-db.com/exploits/22052 http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html http://www.securityfocus.com/bid/6272 https://exchange.xforce.ibmcloud.com/vulnerabilities/10737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter. • https://www.exploit-db.com/exploits/21950 http://online.securityfocus.com/archive/1/296121 http://www.iss.net/security_center/static/10406.php http://www.securityfocus.com/bid/6004 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. • http://online.securityfocus.com/archive/1/296121 •