Search criteria
29 vulnerabilities by yabb
CVE-2013-2057 (GCVE-0-2013-2057)
Vulnerability from cvelistv5 – Published: 2020-02-11 17:41 – Updated: 2024-08-06 15:20
VLAI?
Summary
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability
Severity ?
No CVSS data available.
CWE
- Local File Include
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59643"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/05/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "YaBB",
"vendor": "YaBB",
"versions": [
{
"status": "affected",
"version": "through 2.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YaBB through 2.5.2: \u0027guestlanguage\u0027 Cookie Parameter Local File Include Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local File Include",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T17:41:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/59643"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/05/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "YaBB",
"version": {
"version_data": [
{
"version_value": "through 2.5.2"
}
]
}
}
]
},
"vendor_name": "YaBB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YaBB through 2.5.2: \u0027guestlanguage\u0027 Cookie Parameter Local File Include Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local File Include"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/59643",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/59643"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84034",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84034"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/05/05/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/05/05/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2057",
"datePublished": "2020-02-11T17:41:01",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2754 (GCVE-0-2004-2754)
Vulnerability from cvelistv5 – Published: 2007-11-15 23:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040119 Yabb SE SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/350244"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=210608\u0026group_id=57105"
},
{
"name": "3618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3618"
},
{
"name": "9449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9449"
},
{
"name": "3371",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3371"
},
{
"name": "1008764",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1008764"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.yabbse.org/community/index.php?thread=27122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040119 Yabb SE SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/350244"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=210608\u0026group_id=57105"
},
{
"name": "3618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3618"
},
{
"name": "9449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9449"
},
{
"name": "3371",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3371"
},
{
"name": "1008764",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1008764"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.yabbse.org/community/index.php?thread=27122"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040119 Yabb SE SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/350244"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=210608\u0026group_id=57105",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=210608\u0026group_id=57105"
},
{
"name": "3618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3618"
},
{
"name": "9449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9449"
},
{
"name": "3371",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3371"
},
{
"name": "1008764",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008764"
},
{
"name": "http://www.yabbse.org/community/index.php?thread=27122",
"refsource": "MISC",
"url": "http://www.yabbse.org/community/index.php?thread=27122"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2754",
"datePublished": "2007-11-15T23:00:00",
"dateReserved": "2007-11-15T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2296 (GCVE-0-2002-2296)
Vulnerability from cvelistv5 – Published: 2007-10-18 10:00 – Updated: 2024-08-08 03:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021201 Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html"
},
{
"name": "6272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6272"
},
{
"name": "yabb-xphp-xss(10737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021201 Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html"
},
{
"name": "6272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6272"
},
{
"name": "yabb-xphp-xss(10737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021201 Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0003.html"
},
{
"name": "6272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6272"
},
{
"name": "yabb-xphp-xss(10737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2296",
"datePublished": "2007-10-18T10:00:00",
"dateReserved": "2007-10-17T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3295 (GCVE-0-2007-3295)
Vulnerability from cvelistv5 – Published: 2007-06-20 21:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24529",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24529"
},
{
"name": "37238",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37238"
},
{
"name": "yabb-multiple-language-file-include(34932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"
},
{
"name": "25734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25734"
},
{
"name": "2818",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2818"
},
{
"name": "20070619 Local File Include Vulnerabilities in YaBB \u003c= 2.1(all version)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24529",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24529"
},
{
"name": "37238",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37238"
},
{
"name": "yabb-multiple-language-file-include(34932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"
},
{
"name": "25734",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25734"
},
{
"name": "2818",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2818"
},
{
"name": "20070619 Local File Include Vulnerabilities in YaBB \u003c= 2.1(all version)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24529"
},
{
"name": "37238",
"refsource": "OSVDB",
"url": "http://osvdb.org/37238"
},
{
"name": "yabb-multiple-language-file-include(34932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"
},
{
"name": "25734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25734"
},
{
"name": "2818",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2818"
},
{
"name": "20070619 Local File Include Vulnerabilities in YaBB \u003c= 2.1(all version)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3295",
"datePublished": "2007-06-20T21:00:00",
"dateReserved": "2007-06-20T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3208 (GCVE-0-2007-3208)
Vulnerability from cvelistv5 – Published: 2007-06-14 19:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018236"
},
{
"name": "24455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785"
},
{
"name": "37237",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37237"
},
{
"name": "20070612 YaBB Forum member.vars CRLF",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538"
},
{
"name": "25656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25656"
},
{
"name": "yabb-vars-privilege-escalation(34848)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34848"
},
{
"name": "37236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37236"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018236",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018236"
},
{
"name": "24455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785"
},
{
"name": "37237",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37237"
},
{
"name": "20070612 YaBB Forum member.vars CRLF",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538"
},
{
"name": "25656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25656"
},
{
"name": "yabb-vars-privilege-escalation(34848)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34848"
},
{
"name": "37236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37236"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018236",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018236"
},
{
"name": "24455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24455"
},
{
"name": "http://www.yabbforum.com/community/?board=general;action=display;num=1181678785",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/community/?board=general;action=display;num=1181678785"
},
{
"name": "37237",
"refsource": "OSVDB",
"url": "http://osvdb.org/37237"
},
{
"name": "20070612 YaBB Forum member.vars CRLF",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538"
},
{
"name": "25656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25656"
},
{
"name": "yabb-vars-privilege-escalation(34848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34848"
},
{
"name": "37236",
"refsource": "OSVDB",
"url": "http://osvdb.org/37236"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3208",
"datePublished": "2007-06-14T19:00:00",
"dateReserved": "2007-06-14T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4157 (GCVE-0-2006-4157)
Vulnerability from cvelistv5 – Published: 2006-08-16 21:00 – Updated: 2024-08-07 18:57
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060810 Yabb XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442817/100/0/threaded"
},
{
"name": "19460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19460"
},
{
"name": "1016684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016684"
},
{
"name": "yabb-index-script-xss(28324)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060810 Yabb XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442817/100/0/threaded"
},
{
"name": "19460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19460"
},
{
"name": "1016684",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016684"
},
{
"name": "yabb-index-script-xss(28324)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060810 Yabb XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442817/100/0/threaded"
},
{
"name": "19460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19460"
},
{
"name": "1016684",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016684"
},
{
"name": "yabb-index-script-xss(28324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28324"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4157",
"datePublished": "2006-08-16T21:00:00",
"dateReserved": "2006-08-16T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3275 (GCVE-0-2006-3275)
Vulnerability from cvelistv5 – Published: 2006-06-28 22:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2504",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2504"
},
{
"name": "20060623 NDSD-06-001",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115102378824221\u0026w=2"
},
{
"name": "yabb-profile-sql-injection(27331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27331"
},
{
"name": "20780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20780"
},
{
"name": "18625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2504",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2504"
},
{
"name": "20060623 NDSD-06-001",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115102378824221\u0026w=2"
},
{
"name": "yabb-profile-sql-injection(27331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27331"
},
{
"name": "20780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20780"
},
{
"name": "18625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2504",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2504"
},
{
"name": "20060623 NDSD-06-001",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115102378824221\u0026w=2"
},
{
"name": "yabb-profile-sql-injection(27331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27331"
},
{
"name": "20780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20780"
},
{
"name": "18625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3275",
"datePublished": "2006-06-28T22:00:00",
"dateReserved": "2006-06-28T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4426 (GCVE-0-2005-4426)
Vulnerability from cvelistv5 – Published: 2005-12-20 11:00 – Updated: 2024-08-07 23:46
VLAI?
Summary
Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15368"
},
{
"name": "yabb-image-attachment-xss(23020)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23020"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/downloads.php"
},
{
"name": "17411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15368"
},
{
"name": "yabb-image-attachment-xss(23020)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23020"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/downloads.php"
},
{
"name": "17411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17411"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15368"
},
{
"name": "yabb-image-attachment-xss(23020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23020"
},
{
"name": "http://www.yabbforum.com/downloads.php",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/downloads.php"
},
{
"name": "17411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17411"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4426",
"datePublished": "2005-12-20T11:00:00",
"dateReserved": "2005-12-20T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1277 (GCVE-0-2003-1277)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-09-16 20:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yabb-se-index-xss(10990)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10990.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5BP061F8US.html"
},
{
"name": "yabb-newstemplate-xss(10989)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10989.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/unixfocus/5BP051F8VE.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T07:37:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yabb-se-index-xss(10990)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10990.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5BP061F8US.html"
},
{
"name": "yabb-newstemplate-xss(10989)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10989.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/unixfocus/5BP051F8VE.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yabb-se-index-xss(10990)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10990.php"
},
{
"name": "http://www.securiteam.com/unixfocus/5BP061F8US.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5BP061F8US.html"
},
{
"name": "yabb-newstemplate-xss(10989)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10989.php"
},
{
"name": "http://www.securiteam.com/unixfocus/5BP051F8VE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5BP051F8VE.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1277",
"datePublished": "2005-11-16T07:37:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T20:07:14.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2402 (GCVE-0-2004-2402)
Vulnerability from cvelistv5 – Published: 2005-08-17 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12593"
},
{
"name": "10242",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10242"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "yabb-board-xss(17452)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"
},
{
"name": "11215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12593"
},
{
"name": "10242",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10242"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "yabb-board-xss(17452)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"
},
{
"name": "11215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11215"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12593"
},
{
"name": "10242",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10242"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "yabb-board-xss(17452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"
},
{
"name": "11215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11215"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2402",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2403 (GCVE-0-2004-2403)
Vulnerability from cvelistv5 – Published: 2005-08-17 04:00 – Updated: 2024-08-08 01:29
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:12.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12593"
},
{
"name": "11214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11214"
},
{
"name": "yabb-administrative-bypass(17453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17453"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "10243",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12593",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12593"
},
{
"name": "11214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11214"
},
{
"name": "yabb-administrative-bypass(17453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17453"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "10243",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12593"
},
{
"name": "11214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11214"
},
{
"name": "yabb-administrative-bypass(17453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17453"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "10243",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2403",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-08T01:29:12.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2296 (GCVE-0-2005-2296)
Vulnerability from cvelistv5 – Published: 2005-07-17 04:00 – Updated: 2024-08-07 22:22
VLAI?
Summary
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050714 YaBBSe 1.5.5c Path disclosure problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112137300014760\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050714 YaBBSe 1.5.5c Path disclosure problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112137300014760\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050714 YaBBSe 1.5.5c Path disclosure problem",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112137300014760\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2296",
"datePublished": "2005-07-17T04:00:00",
"dateReserved": "2005-07-17T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2139 (GCVE-0-2004-2139)
Vulnerability from cvelistv5 – Published: 2005-06-30 04:00 – Updated: 2024-08-08 01:15
VLAI?
Summary
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "12609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12609/"
},
{
"name": "10222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10222"
},
{
"name": "yabb-admineditpl-xss(17459)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "12609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12609/"
},
{
"name": "10222",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10222"
},
{
"name": "yabb-admineditpl-xss(17459)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17459"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11235"
},
{
"name": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233"
},
{
"name": "12609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12609/"
},
{
"name": "10222",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10222"
},
{
"name": "yabb-admineditpl-xss(17459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17459"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2139",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-30T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2140 (GCVE-0-2004-2140)
Vulnerability from cvelistv5 – Published: 2005-06-30 04:00 – Updated: 2024-08-08 01:15
VLAI?
Summary
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "12609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12609/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-19T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "12609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12609/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233"
},
{
"name": "12609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12609/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2140",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-30T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1846 (GCVE-0-2002-1846)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 23:01
VLAI?
Summary
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/296121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/296121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/296121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1846",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T23:01:03.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1845 (GCVE-0-2002-1845)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 19:56
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:32.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yabb-index-xss(10406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10406.php"
},
{
"name": "6004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6004"
},
{
"name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/296121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yabb-index-xss(10406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10406.php"
},
{
"name": "6004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6004"
},
{
"name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/296121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yabb-index-xss(10406)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10406.php"
},
{
"name": "6004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6004"
},
{
"name": "20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/296121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1845",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T19:56:01.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1827 (GCVE-0-2004-1827)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:48.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "20040314 YaBB/YaBBse Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107936800226430\u0026w=2"
},
{
"name": "11128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11128"
},
{
"name": "9873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9873"
},
{
"name": "20040316 RE: YaBB/YaBBse Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107948064923981\u0026w=2"
},
{
"name": "yabb-glow-shadow-xss(15488)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15488"
},
{
"name": "1009427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "20040314 YaBB/YaBBse Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107936800226430\u0026w=2"
},
{
"name": "11128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11128"
},
{
"name": "9873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9873"
},
{
"name": "20040316 RE: YaBB/YaBBse Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107948064923981\u0026w=2"
},
{
"name": "yabb-glow-shadow-xss(15488)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15488"
},
{
"name": "1009427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233"
},
{
"name": "20040314 YaBB/YaBBse Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107936800226430\u0026w=2"
},
{
"name": "11128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11128"
},
{
"name": "9873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9873"
},
{
"name": "20040316 RE: YaBB/YaBBse Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107948064923981\u0026w=2"
},
{
"name": "yabb-glow-shadow-xss(15488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15488"
},
{
"name": "1009427",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1827",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:48.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1982 (GCVE-0-2004-1982)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "yabb-subject-modify-file(16050)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16050"
},
{
"name": "12609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12609"
},
{
"name": "10263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10263"
},
{
"name": "20040502 Vulnerability in YaBB forum (Perl version without SQL)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360430703935\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board\u0027s .txt file via carriage return characters in the subject field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233"
},
{
"name": "yabb-subject-modify-file(16050)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16050"
},
{
"name": "12609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12609"
},
{
"name": "10263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10263"
},
{
"name": "20040502 Vulnerability in YaBB forum (Perl version without SQL)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360430703935\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board\u0027s .txt file via carriage return characters in the subject field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233"
},
{
"name": "yabb-subject-modify-file(16050)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16050"
},
{
"name": "12609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12609"
},
{
"name": "10263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10263"
},
{
"name": "20040502 Vulnerability in YaBB forum (Perl version without SQL)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360430703935\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1982",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0785 (GCVE-0-2005-0785)
Vulnerability from cvelistv5 – Published: 2005-03-20 05:00 – Updated: 2024-08-07 21:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013420",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "20050313 YaBB2 rc1 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111083400601759\u0026w=2"
},
{
"name": "yabb-usersrecentposts-xss(19671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671"
},
{
"name": "12756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013420",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "20050313 YaBB2 rc1 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111083400601759\u0026w=2"
},
{
"name": "yabb-usersrecentposts-xss(19671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671"
},
{
"name": "12756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013420",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "20050313 YaBB2 rc1 XSS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111083400601759\u0026w=2"
},
{
"name": "yabb-usersrecentposts-xss(19671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671"
},
{
"name": "12756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0785",
"datePublished": "2005-03-20T05:00:00",
"dateReserved": "2005-03-20T00:00:00",
"dateUpdated": "2024-08-07T21:28:28.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0741 (GCVE-0-2005-0741)
Vulnerability from cvelistv5 – Published: 2005-03-13 05:00 – Updated: 2024-08-07 21:21
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013420",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "12756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-25T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013420",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "12756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013420",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "12756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0741",
"datePublished": "2005-03-13T05:00:00",
"dateReserved": "2005-03-13T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0344 (GCVE-0-2004-0344)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:17
VLAI?
Summary
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040301 YabbSE (3 on 1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107816202813083\u0026w=2"
},
{
"name": "9774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040301 YabbSE (3 on 1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107816202813083\u0026w=2"
},
{
"name": "9774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040301 YabbSE (3 on 1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107816202813083\u0026w=2"
},
{
"name": "9774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0344",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0291 (GCVE-0-2004-0291)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040216 Another YabbSE SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107696318522985\u0026w=2"
},
{
"name": "yabb-post-sql-injection(15224)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15224"
},
{
"name": "9674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040216 Another YabbSE SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107696318522985\u0026w=2"
},
{
"name": "yabb-post-sql-injection(15224)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15224"
},
{
"name": "9674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040216 Another YabbSE SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107696318522985\u0026w=2"
},
{
"name": "yabb-post-sql-injection(15224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15224"
},
{
"name": "9674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0291",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0294 (GCVE-0-2004-0294)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:04.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yabb-invalidmessage-obtain-information(15236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15236"
},
{
"name": "20040217 YABB information leakage on failed login",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107703591314745\u0026w=2"
},
{
"name": "9677",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yabb-invalidmessage-obtain-information(15236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15236"
},
{
"name": "20040217 YABB information leakage on failed login",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107703591314745\u0026w=2"
},
{
"name": "9677",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yabb-invalidmessage-obtain-information(15236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15236"
},
{
"name": "20040217 YABB information leakage on failed login",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107703591314745\u0026w=2"
},
{
"name": "9677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0294",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:04.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0343 (GCVE-0-2004-0343)
Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:17
VLAI?
Summary
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040301 YabbSE (3 on 1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107816202813083\u0026w=2"
},
{
"name": "9774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9774"
},
{
"name": "yabb-multiple-sql-injection(15354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040301 YabbSE (3 on 1)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107816202813083\u0026w=2"
},
{
"name": "9774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9774"
},
{
"name": "yabb-multiple-sql-injection(15354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040301 YabbSE (3 on 1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107816202813083\u0026w=2"
},
{
"name": "9774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9774"
},
{
"name": "yabb-multiple-sql-injection(15354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0343",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0275 (GCVE-0-2003-0275)
Vulnerability from cvelistv5 – Published: 2003-05-14 04:00 – Updated: 2024-08-08 01:50
VLAI?
Summary
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:50:47.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105249980809988\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105249980809988\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105249980809988\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0275",
"datePublished": "2003-05-14T04:00:00",
"dateReserved": "2003-05-09T00:00:00",
"dateUpdated": "2024-08-08T01:50:47.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0955 (GCVE-0-2002-0955)
Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
VLAI?
Summary
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:15.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "yabb-invalid-thread-xss(9408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9408.php"
},
{
"name": "20020621 [AP] YaBB Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html"
},
{
"name": "5078",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "yabb-invalid-thread-xss(9408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9408.php"
},
{
"name": "20020621 [AP] YaBB Cross-Site Scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html"
},
{
"name": "5078",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5078"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yabb-invalid-thread-xss(9408)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9408.php"
},
{
"name": "20020621 [AP] YaBB Cross-Site Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html"
},
{
"name": "5078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5078"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0955",
"datePublished": "2002-08-31T04:00:00",
"dateReserved": "2002-08-16T00:00:00",
"dateUpdated": "2024-08-08T03:12:15.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0117 (GCVE-0-2002-0117)
Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 02:35
VLAI?
Summary
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/249031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yabbforum.com/"
},
{
"name": "yabb-encoded-css(7840)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7840.php"
},
{
"name": "3828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info\u0026id=3828"
},
{
"name": "2019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/249031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yabbforum.com/"
},
{
"name": "yabb-encoded-css(7840)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7840.php"
},
{
"name": "3828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info\u0026id=3828"
},
{
"name": "2019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/249031"
},
{
"name": "http://www.yabbforum.com/",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/"
},
{
"name": "yabb-encoded-css(7840)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7840.php"
},
{
"name": "3828",
"refsource": "BID",
"url": "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info\u0026id=3828"
},
{
"name": "2019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0117",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0853 (GCVE-0-2000-0853)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI?
Summary
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:30.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1668"
},
{
"name": "yabb-file-access(5254)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5254"
},
{
"name": "20000909 YaBB 1.9.2000 Vulnerabilitie",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1668"
},
{
"name": "yabb-file-access(5254)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5254"
},
{
"name": "20000909 YaBB 1.9.2000 Vulnerabilitie",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1668"
},
{
"name": "yabb-file-access(5254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5254"
},
{
"name": "20000909 YaBB 1.9.2000 Vulnerabilitie",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0853",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-10-18T00:00:00",
"dateUpdated": "2024-08-08T05:37:30.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1176 (GCVE-0-2000-1176)
Vulnerability from cvelistv5 – Published: 2000-12-19 05:00 – Updated: 2024-08-08 05:45
VLAI?
Summary
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001107 Insecure input balidation in YaBB Search.pl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html"
},
{
"name": "1921",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the \"catsearch\" form field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001107 Insecure input balidation in YaBB Search.pl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html"
},
{
"name": "1921",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the \"catsearch\" form field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001107 Insecure input balidation in YaBB Search.pl",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html"
},
{
"name": "1921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1176",
"datePublished": "2000-12-19T05:00:00",
"dateReserved": "2000-12-14T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}