CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2013-2057
https://notcve.org/view.php?id=CVE-2013-2057
11 Feb 2020 — YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability YaBB versiones hasta 2.5.2: Vulnerabilidad de Inclusión de Archivo Local del Parámetro de Cookie "guestlanguage". • http://www.openwall.com/lists/oss-security/2013/05/05/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 2CVE-2006-4157 – YaBBSE 1.x - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-4157
16 Aug 2006 — Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en Yet another Bulletin Board (YaBB) permite a atacantes remotos iynectar secuencias de comandos web o HTML de su elección a través del parámetro categories. • https://www.exploit-db.com/exploits/28371 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2006-3275
https://notcve.org/view.php?id=CVE-2006-3275
28 Jun 2006 — SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. Vulnerabilidad de inyección SQL en profile.php en YaBB SE v1.5.5 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de parámetros de usuario double-encoded en una acción viewprofile. • http://marc.info/?l=full-disclosure&m=115102378824221&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1662
https://notcve.org/view.php?id=CVE-2004-1662
25 Aug 2004 — YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. • http://echo.or.id/adv/adv05-y3dips-2004.txt •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2004-0291 – YABB SE 1.5 - 'Quote' SQL Injection
https://notcve.org/view.php?id=CVE-2004-0291
18 Mar 2004 — SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. Vulnerabilidad de inyección de SQL en post.php de YaBB SE 1.5.4 y 1.5.5 permite a atacantes remotos obtener el resumen digital (hash) de contraseñas. • https://www.exploit-db.com/exploits/23710 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2004-0343 – YaBB SE 1.5.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-0343
18 Mar 2004 — Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. • https://www.exploit-db.com/exploits/23775 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2004-0344 – YaBB SE 1.5.x - Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2004-0344
18 Mar 2004 — Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. • https://www.exploit-db.com/exploits/23774 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2004-1827 – YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1827
15 Mar 2004 — Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. • https://www.exploit-db.com/exploits/23812 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1277
https://notcve.org/view.php?id=CVE-2003-1277
31 Dec 2003 — Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html • http://www.iss.net/security_center/static/10989.php •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0275
https://notcve.org/view.php?id=CVE-2003-0275
14 May 2003 — SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. SSI.php en YaBB SE 1.5.2 permite que atacantes remotos ejecuten código PHP arbitrario modificando el parámetro "sourcedir" para referenciar una URL en un servidor web remoto que contiene el código. • http://marc.info/?l=bugtraq&m=105249980809988&w=2 •