2 matches found
Directory traversal
Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variabl...
CVE-2007-3208
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code...