Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yabb yabb vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2007-3208
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote malicious users to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
Yabb Yabb 2.1
10
CVSSv2
CVE-2004-2403
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote malicious users to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
Yabb Yabb 1 Gold - Sp 1.2
Yabb Yabb 1 Gold - Sp 1.3
Yabb Yabb 1.41
Yabb Yabb 1 Gold - Sp 1
Yabb Yabb 2000-09-11
Yabb Yabb 1.40
Yabb Yabb 1 Gold Release
Yabb Yabb 2000-09-01
Yabb Yabb 1 Gold - Sp 1.3.1
Yabb Yabb 1 Gold - Sp 1.3.2
10
CVSSv2
CVE-2004-0343
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 up to and including 1.5.5b allow remote malicious users to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
Yabb Yabb 1.5.4
Yabb Yabb 1.5.5
Yabb Yabb 1.5.5b
1 EDB exploit
7.5
CVSSv2
CVE-2013-2057
YaBB up to and including 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability
Yabb Yabb
7.5
CVSSv2
CVE-2006-5413
Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote malicious users to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php...
Supermod Supermod 3.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2006-3275
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and previous versions allows remote malicious users to execute SQL commands via a double-encoded user parameter in a viewprofile action.
Yabb Yabb 1.5.1
Yabb Yabb
Yabb Yabb 1.5.2
Yabb Yabb 1.5.4
7.5
CVSSv2
CVE-2004-2754
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions prior to 1.5.5 allows remote malicious users to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Yabb Yabb Se 0.8
Yabb Yabb Se 1.1.3
Yabb Yabb Se 1.4.1
Yabb Yabb Se 1.5.3
Yabb Yabb Se 1.5.4
Yabb Yabb Se 1.5.1
Yabb Yabb Se 1.5.2
Yabb Yabb Se 1.5.0
Yabb Yabb Se 1.5.1 Rc1
1 EDB exploit
7.5
CVSSv2
CVE-2004-2139
Unknown vulnerability in Adminedit.pl YaBB 1 Gold prior to 1.3.2 allows malicious users to execute arbitrary code via settings.pl.
Yabb Yabb 1 Gold - Sp 1.3
Yabb Yabb 1 Gold - Sp 1.3.1
7.5
CVSSv2
CVE-2002-0955
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and previous versions allows remote malicious users to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error...
Yabb Yabb 1 Gold Sp 1
1 EDB exploit
7.5
CVSSv2
CVE-2002-0117
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and previous versions allows remote malicious users to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Yabb Yabb 0.01 Release
Yabb Yabb 2000-09-01
Yabb Yabb 2000-09-11
Yabb Yabb 0.01 Sp1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »