11 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability YaBB versiones hasta 2.5.2: Vulnerabilidad de Inclusión de Archivo Local del Parámetro de Cookie "guestlanguage". • http://www.openwall.com/lists/oss-security/2013/05/05/1 http://www.securityfocus.com/bid/59643 https://exchange.xforce.ibmcloud.com/vulnerabilities/84034 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en Yet another Bulletin Board (YaBB) permite a atacantes remotos iynectar secuencias de comandos web o HTML de su elección a través del parámetro categories. • https://www.exploit-db.com/exploits/28371 http://securitytracker.com/id?1016684 http://www.securityfocus.com/archive/1/442817/100/0/threaded http://www.securityfocus.com/bid/19460 https://exchange.xforce.ibmcloud.com/vulnerabilities/28324 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. Vulnerabilidad de inyección SQL en profile.php en YaBB SE v1.5.5 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de parámetros de usuario double-encoded en una acción viewprofile. • http://marc.info/?l=full-disclosure&m=115102378824221&w=2 http://secunia.com/advisories/20780 http://www.securityfocus.com/bid/18625 http://www.vupen.com/english/advisories/2006/2504 https://exchange.xforce.ibmcloud.com/vulnerabilities/27331 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. • http://echo.or.id/adv/adv05-y3dips-2004.txt http://marc.info/?l=bugtraq&m=109441750900432&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17267 •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. • https://www.exploit-db.com/exploits/23775 http://marc.info/?l=bugtraq&m=107816202813083&w=2 http://www.securityfocus.com/bid/9774 https://exchange.xforce.ibmcloud.com/vulnerabilities/15354 •