5 matches found
YaBB 1.x/9.1.2000 YaBB.pl IMSend Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web...
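YABB Remote File Disclosure Vulnerability
BugCVE: CVE-2000-0853 BUGTRAQ: 1668 YaBB.pl is a web-based bulletin board script. YaBB.pl stores bulletin board posts in numbered text files. The numbered file name is specified through the variable num=file when YaBB.pl is called. Before retrieving the file, YaBB appends a .txt suffix to file. Because of an input validation error in YaBB, a relative path can be specified in file. This includes ../-style paths. In addition, file does not have to be numeric, and the .txt suffix can be avoided by appending %00 to file. By using these flaws together in a single request, a malicious user can view any file that the web server can access. 9.1.2000...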
CVE-2004-2402
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded 'to' parameter. NOTE: some sources say that the 'board' parameter is affected, but this is incorrect...
CVE-2004-2402
CVE-2004-2402 affects YaBB 1 GOLD SP 1.3.2. YaBB.pl CGI is vulnerable to cross-site scripting via a hex-encoded to parameter; note that some sources claimed the board parameter is affected, but this is stated as incorrect in the primary description. Connected sources corroborate multiple vulnerab...
CVE-2005-0741
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action...