CVE-2002-0117
Published 2002-03-25
Priority P4 · 25 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.84% (84.9th percentile)
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yabb | yabb | — | — |
| yabb | yabb | — | — |
| yabb | yabb | — | — |
| yabb | yabb | — | — |
No detection rules found.
Exploit-DB
Microsoft BizTalk Server 2002 - HTTP Receiver Buffer Overflow
exploitdb · 2003-04-30 · CVE-2003-0117
---
source: https://www.securityfocus.com/bid/7469/info
Microsoft BizTalk Server 2002 contains a boundary condition error that could allow a buffer to be overrun. Successful exploitation could allow arbitrary code execution in the security context of the IIS Server hosting the application.
It is important to note that the HTTP Receiver is an optional component and is not installed by default.
POST /Site/biztalkhttpreceive.dll?XXXX...(more than 250 chars) HTTP/1.0
Exploit-DB
YaBB 9.1.2000 - Cross-Agent Scripting
exploitdb · 2002-01-09 · CVE-2002-0117
---
source: https://www.securityfocus.com/bid/3828/info
YaBB (Yet Another Bulletin Board) is freely available web forums/community software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms.
YaBB is prone to cross-agent scripting attacks via the insertion of HTML tags into image links in messages. Due to insufficient input validation, it is possible to insert arbitrary script code in forum messages/replies. The malicious script code will be executed in the browser of the user viewing the message, in the context of the site running YaBB.
This makes it possible for a malicious user to post a message which is capable of stealing another legitimate user's cookie-based authentica
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/249031
http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
http://www.iss.net/security_center/static/7840.php
http://www.osvdb.org/2019
http://www.yabbforum.com/