CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2013-2057
https://notcve.org/view.php?id=CVE-2013-2057
11 Feb 2020 — YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability YaBB versiones hasta 2.5.2: Vulnerabilidad de Inclusión de Archivo Local del Parámetro de Cookie "guestlanguage". • http://www.openwall.com/lists/oss-security/2013/05/05/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2007-3295
https://notcve.org/view.php?id=CVE-2007-3295
20 Jun 2007 — Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder... • http://osvdb.org/37238 •
CVSS: 10.0EPSS: 12%CPEs: 1EXPL: 0CVE-2007-3208
https://notcve.org/view.php?id=CVE-2007-3208
14 Jun 2007 — CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code. Vulnerabilidad de inyección CRLF en Yet another Bulletin Board (YaBB) 2.1 permite a atacantes remotos obtener acceso de administrador a través de respuestas en (1) register.pl o (2) profile.pl que escribe secuencias CRLF en un archivo .va... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538 •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 2CVE-2006-4157 – YaBBSE 1.x - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-4157
16 Aug 2006 — Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en Yet another Bulletin Board (YaBB) permite a atacantes remotos iynectar secuencias de comandos web o HTML de su elección a través del parámetro categories. • https://www.exploit-db.com/exploits/28371 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2006-3275
https://notcve.org/view.php?id=CVE-2006-3275
28 Jun 2006 — SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. Vulnerabilidad de inyección SQL en profile.php en YaBB SE v1.5.5 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de parámetros de usuario double-encoded en una acción viewprofile. • http://marc.info/?l=full-disclosure&m=115102378824221&w=2 •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2005-4426
https://notcve.org/view.php?id=CVE-2005-4426
20 Dec 2005 — Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB. • http://secunia.com/advisories/17411 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2296
https://notcve.org/view.php?id=CVE-2005-2296
17 Jul 2005 — YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. YabbSE 1.5.5c permite que atacantes remotos obtengan información confidencial mediante una petición directa a "ssi_examples.php" (ya que revela el path). • http://marc.info/?l=bugtraq&m=112137300014760&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0785
https://notcve.org/view.php?id=CVE-2005-0785
20 Mar 2005 — Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. • http://marc.info/?l=bugtraq&m=111083400601759&w=2 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2005-0741 – YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-0741
08 Mar 2005 — Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. • https://www.exploit-db.com/exploits/25199 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2139
https://notcve.org/view.php?id=CVE-2004-2139
31 Dec 2004 — Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl. • http://secunia.com/advisories/12609 •