12 matches found
YaBB 1.x/9.1.2000 YaBB.pl IMSend Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web...
yabb-lfi.txt
Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB 1,640,000 clients 2. Local File Include I found many bugs like it in this board. Bugs relate one special variable for user$language, you can edit this variable in your profile. Examples, where I found bugs...
[Full-disclosure] iDefense Security Advisory 06.12.07: YaBB Forum member.vars CRLF Injection Privilege Escalation Vulnerability
YaBB Forum member.vars CRLF Injection Privilege Escalation Vulnerability iDefense Security Advisory 06.12.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 12, 2007 I. BACKGROUND YaBB Yet another Bulletin Board is an Open Source community forum system written in Perl. More information...
yabbXSS.txt
PersianHacker.NET 200503-08 YaBB2 rc1 XSS Vulnerability Date: 2005 March Bug Number: 08 bid:12756 YaBB is a leading free forum software package that rivals any professional message board out there. It provides a real-time chat and support system for your visitors. More info @:...
YaBB 1.x9.1.2000 - YaBB.pl IMSend Cross-Site Scripting
source: https://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a...
YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web forum. The malicious link may conta...
Vulnerability in YaBB forum (Perl version without SQL)
There's a vulnerability in non-SQL version of YaBB forum I've checked it with YaBB 1 Gold - SP 1.2 written in Perl -- it's not new, but is in use even nowadays. You can input almost anything into .txt file from boards directory. The "subject" form field isn't checked for "\n" symbols, so creating ...
YABB information leakage on failed login
YABB is a popular web-based bulletin board system, written in perl and available from http://www.yabbforum.com/. While evaluating it, I found a minor issue where an attacker trying to log in to the forums can extract some useful information making his job easier than it needs to be. Most YABB...
YaBB 1 Gold SP 1 - 'YaBB.pl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6272/info A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts. As a result, it is possible for a remote attacker to create a malicious link to t...
YaBB 1 Gold SP 1 - YaBB.pl Cross-Site Scripting
source: https://www.securityfocus.com/bid/6272/info A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts. As a result, it is possible for a...
YaBB 1.40/1.41 - Login Cross-Site Scripting
source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. As a result, it is possible for a...
YaBB 1.401.41 - Login Cross-Site Scripting
source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login...