CVE-2007-3423

CVE-2007-3423 affects WebAPP (web-app.org) WebAPP versions before 0.9.9.7. The vulnerable component is cgi-bin/cgi-lib/instantmessage.pl, where the From field of an instant message is used as the beginning of the .dat filename when the imview2 or imview3 function reads messages from an internal I...

Directory traversal

Directory traversal vulnerability in Yet another Bulletin Board YaBB 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. dot dot in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variabl...

CVE-2007-3295

YaBB 2.1 and earlier suffer a directory traversal vulnerability where remote authenticated users can execute arbitrary Perl code by manipulating the userlanguage profile setting; the userlanguage key is propagated to language variables across multiple YaBB scripts (HelpCentre.pl, ICQPager.pl, Sub...

Local File Include Vulnerabilities in YaBB <= 2.1(all version)

Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB = 2.1all version Web page:http://www.yabbforum.com/ Credit:Maciej krasza Kukla @mail:[email protected] homepage:www.krasza.int.pl 1.Description "YaBB is a leading free forum software package that rivals an...