CVE-2002-0955
Published 2002-10-04
Priority: P428, high, CVSS 2.0 score 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.55% (94.4th percentile)
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yabb | yabb | — | — |
No detection rules found.
Exploit-DB
OpenBSD - 'ibcs2_exec' Kernel Code Execution
exploitdb·2003-11-07
CVE-2003-0955 OpenBSD - 'ibcs2_exec' Kernel Code Execution
---
//
// Patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch
//
#include
#include
#include
#include
/* $OpenBSD: ibcs2_exec.h,v 1.3 2002/03/14 01:26:50 millert Exp $ */
/* $NetBSD: ibcs2_exec.h,v 1.4 1995/03/14 15:12:24 scottb Exp $ */
/*
* Copyright (c) 1994, 1995 Scott Bartram
* All rights reserved.
*
* adapted from sys/sys/exec_ecoff.h
* based on Intel iBCS2
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, t
Exploit-DB
YaBB 1 - Invalid Topic Error Page Cross-Site Scripting
exploitdb·2002-06-21
CVE-2002-0955 YaBB 1 - Invalid Topic Error Page Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/5078/info
It is reported possible for attackers to construct a URL that will cause scripting code to be embedded in error pages.
YaBB fails to check URLs for the presence of script commands when generating error pages, allowing attacker-supplied code to execute. If such a URL is sent to a YaBB user, upon accessing the link, the attacker-supplied code will run in the context of the site running the vulnerable software.
This issue may be exploited to steal cookie-based authentication credentials from legitimate users of YaBB.
http://some.site.com/cgi-bin/YaBB/YaBB.cgi?board=BOARD&action=display&num=alert()
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html
http://www.iss.net/security_center/static/9408.php
http://www.securityfocus.com/bid/5078
Published: 2002-10-04