Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2005-4426
HistoryDec 20, 2005 - 11:03 a.m.

CVE-2005-4426

2005-12-2011:03:00
mitre
web.nvd.nist.gov
48
cve-2005-4426
yabb
interpretation conflict
remote code injection
html injection
gif file extension
internet explorer
nvd

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.823

Percentile

98.4%

JSON

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.

Affected configurations

Nvd
Node
yabbyabbMatch1.40
OR
yabbyabbMatch1.41
OR
yabbyabbMatch1_gold_-_sp_1
OR
yabbyabbMatch1_gold_-_sp_1.2
OR
yabbyabbMatch1_gold_-_sp_1.3
OR
yabbyabbMatch1_gold_-_sp_1.3.1
OR
yabbyabbMatch1_gold_-_sp_1.3.2
OR
yabbyabbMatch1_gold_-_sp_1.4
OR
yabbyabbMatch1_gold_release
OR
yabbyabbMatch2.0
OR
yabbyabbMatch2.0_rc1
OR
yabbyabbMatch2.0_rc2
VendorProductVersionCPE
yabbyabb1.40cpe:2.3:a:yabb:yabb:1.40:*:*:*:*:*:*:*
yabbyabb1.41cpe:2.3:a:yabb:yabb:1.41:*:*:*:*:*:*:*
yabbyabb1_gold_-_sp_1cpe:2.3:a:yabb:yabb:1_gold_-_sp_1:*:*:*:*:*:*:*
yabbyabb1_gold_-_sp_1.2cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.2:*:*:*:*:*:*:*
yabbyabb1_gold_-_sp_1.3cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3:*:*:*:*:*:*:*
yabbyabb1_gold_-_sp_1.3.1cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.1:*:*:*:*:*:*:*
yabbyabb1_gold_-_sp_1.3.2cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.2:*:*:*:*:*:*:*
yabbyabb1_gold_-_sp_1.4cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.4:*:*:*:*:*:*:*
yabbyabb1_gold_releasecpe:2.3:a:yabb:yabb:1_gold_release:*:*:*:*:*:*:*
yabbyabb2.0cpe:2.3:a:yabb:yabb:2.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 121

Related

nvd 5
cvelist 5
cve 4
nessus 2
ubuntucve 2
nvd
nvd
CVE-2005-4426
2005-12-20 11:03:00
CVE-2005-3312
2005-10-26 10:02:00
CVE-2005-3975
2005-12-03 19:03:00
cvelist
cvelist
CVE-2005-4426
2005-12-20 11:00:00
CVE-2005-3312
2005-10-26 04:00:00
CVE-2005-3477
2005-11-03 02:00:00
cve
cve
CVE-2005-3312
2005-10-26 10:02:00
CVE-2005-3310
2005-10-26 01:02:00
CVE-2005-3477
2005-11-03 02:02:00
nessus
nessus
Debian DSA-958-1 : drupal - several vulnerabilities
2006-10-14 00:00:00
Debian DSA-925-1 : phpbb2 - several vulnerabilities
2006-10-14 00:00:00
ubuntucve
ubuntucve
CVE-2005-3975
2005-12-03 00:00:00
CVE-2005-3310
2005-10-26 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.823

Percentile

98.4%

JSON
Related for CVE-2005-4426
nvd5cvelist5cve4nessus2ubuntucve2