CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2057
https://notcve.org/view.php?id=CVE-2013-2057
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability YaBB versiones hasta 2.5.2: Vulnerabilidad de Inclusión de Archivo Local del Parámetro de Cookie "guestlanguage". • http://www.openwall.com/lists/oss-security/2013/05/05/1 http://www.securityfocus.com/bid/59643 https://exchange.xforce.ibmcloud.com/vulnerabilities/84034 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2006-3275
https://notcve.org/view.php?id=CVE-2006-3275
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. Vulnerabilidad de inyección SQL en profile.php en YaBB SE v1.5.5 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de parámetros de usuario double-encoded en una acción viewprofile. • http://marc.info/?l=full-disclosure&m=115102378824221&w=2 http://secunia.com/advisories/20780 http://www.securityfocus.com/bid/18625 http://www.vupen.com/english/advisories/2006/2504 https://exchange.xforce.ibmcloud.com/vulnerabilities/27331 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2004-2754 – YABB SE 1.x - 'SSI.php' ID_MEMBER SQL Injection
https://notcve.org/view.php?id=CVE-2004-2754
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. • https://www.exploit-db.com/exploits/23554 http://securityreason.com/securityalert/3371 http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105 http://www.osvdb.org/3618 http://www.securityfocus.com/archive/1/350244 http://www.securityfocus.com/bid/9449 http://www.securitytracker.com/id?1008764 http://www.yabbse.org/community/index.php?thread=27122 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1277
https://notcve.org/view.php?id=CVE-2003-1277
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html • http://www.iss.net/security_center/static/10989.php http://www.iss.net/security_center/static/10990.php http://www.securiteam.com/unixfocus/5BP051F8VE.html http://www.securiteam.com/unixfocus/5BP061F8US.html •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 3CVE-2002-0117 – YaBB 9.1.2000 - Cross-Agent Scripting
https://notcve.org/view.php?id=CVE-2002-0117
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. Vulnerabilidad Cross-site todavía en el Bulletin Board de (YaBB) 1 Gold SP 1 y anteriores permite a atacantes remotos ejecutar scripts arbitrarios y cookiess de robo vía un mensaje que contiene Javascript codificado en una etiqueta IMG. • https://www.exploit-db.com/exploits/21208 http://online.securityfocus.com/archive/1/249031 http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828 http://www.iss.net/security_center/static/7840.php http://www.osvdb.org/2019 http://www.yabbforum.com •