Filtered by vendor Yabb Subscriptions

Search

Switch to Advanced Search (Beta)
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2000-0853 1 Yabb 1 Yabb 2025-04-03 N/A
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2004-0343 1 Yabb 1 Yabb 2025-04-03 N/A
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
CVE-2004-1662 1 Yabb 1 Yabb 2025-04-03 N/A
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
CVE-2004-1982 1 Yabb 1 Yabb 2025-04-03 N/A
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
CVE-2004-2139 1 Yabb 1 Yabb 2025-04-03 N/A
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.
CVE-2004-2140 1 Yabb 1 Yabb 2025-04-03 N/A
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.
CVE-2004-2403 1 Yabb 1 Yabb 2025-04-03 N/A
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
CVE-2005-0741 1 Yabb 1 Yabb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
CVE-2013-2057 1 Yabb 1 Yabb 2024-11-21 9.8 Critical
YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability