CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0275
https://notcve.org/view.php?id=CVE-2003-0275
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. SSI.php en YaBB SE 1.5.2 permite que atacantes remotos ejecuten código PHP arbitrario modificando el parámetro "sourcedir" para referenciar una URL en un servidor web remoto que contiene el código. • http://marc.info/?l=bugtraq&m=105249980809988&w=2 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2002-2296 – YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2296
Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter. • https://www.exploit-db.com/exploits/22052 http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html http://www.securityfocus.com/bid/6272 https://exchange.xforce.ibmcloud.com/vulnerabilities/10737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2002-1845 – YaBB 1.40/1.41 - Login Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1845
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter. • https://www.exploit-db.com/exploits/21950 http://online.securityfocus.com/archive/1/296121 http://www.iss.net/security_center/static/10406.php http://www.securityfocus.com/bid/6004 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1846
https://notcve.org/view.php?id=CVE-2002-1846
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. • http://online.securityfocus.com/archive/1/296121 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2002-0955 – YaBB 1 - Invalid Topic Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0955
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message. • https://www.exploit-db.com/exploits/21573 http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html http://www.iss.net/security_center/static/9408.php http://www.securityfocus.com/bid/5078 •