Shodan
Vulnerabilities
Vulnerable Software
Yabb:  Security Vulnerabilities
CVE-2004-2140
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-12-31
CVE-2004-2402
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.
CVSS Score
4.3
EPSS Score
0.005
Published
2004-12-31
CVE-2004-2403
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
CVSS Score
10.0
EPSS Score
0.015
Published
2004-12-31
CVE-2004-2754
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
CVSS Score
7.5
EPSS Score
0.014
Published
2004-12-31
CVE-2004-0291
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
CVSS Score
5.0
EPSS Score
0.004
Published
2004-11-23
CVE-2004-0343
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
CVSS Score
10.0
EPSS Score
0.003
Published
2004-11-23
CVE-2004-0344
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
CVSS Score
6.4
EPSS Score
0.029
Published
2004-11-23
CVE-2004-1662
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.005
Published
2004-08-25
CVE-2004-1982
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-05-03
CVE-2004-1827
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
CVSS Score
4.3
EPSS Score
0.009
Published
2004-03-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved