Directory traversal

Directory traversal vulnerability in Yet another Bulletin Board YaBB 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. dot dot in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variabl...

CVE-2007-3295

YaBB 2.1 and earlier suffer a directory traversal vulnerability where remote authenticated users can execute arbitrary Perl code by manipulating the userlanguage profile setting; the userlanguage key is propagated to language variables across multiple YaBB scripts (HelpCentre.pl, ICQPager.pl, Sub...

Local File Include Vulnerabilities in YaBB <= 2.1(all version)

Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB = 2.1all version Web page:http://www.yabbforum.com/ Credit:Maciej krasza Kukla @mail:[email protected] homepage:www.krasza.int.pl 1.Description "YaBB is a leading free forum software package that rivals an...

CVE-2004-1982

CVE-2004-1982 affects YaBB 1 Gold SP 1.2, where Post.pl allows remote attackers to modify records in the board’s .txt file by sending carriage return characters in the subject field. The available documents describe the vulnerability and impact as modification of board records, but do not provide...

CVE-2004-1982

Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field...