CVE-2004-0344
Published 2004-11-23
Priority: P429, medium, CVSS 2.0 score 6.4
CVSS vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 2.16% (79.9th percentile)
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yabb | yabb | — | — |
| yabb | yabb | — | — |
No detection rules found.
Exploit-DB
Software602 602 Lan Suite 2004 2004.0.04.1221 - Arbitrary File Upload
exploitdb·2005-02-08
CVE-2005-0344
---
source: https://www.securityfocus.com/bid/12495/info
602 Lan Suite 2004 is reportedly affected by a vulnerability regarding the uploading of file attachments. This issue is due to the application failing to properly sanitize the names of file attachments before upload. A malicious user could exploit this vulnerability using directory traversal attacks to upload a file to an arbitrary location accessible by the affected server.
This vulnerability could lead to the execution of a malicious file on the server hosting the application.
602 Lan Suite 2004 version 2004.0.04.1221 is reportedly vulnerable; other versions may also be affected.
POST /mail HTTP/1.0
Host: localhost
Content-Type: multipart/form-data; boundar
Exploit-DB
YaBB SE 1.5.x - Arbitrary File Deletion
exploitdb·2004-03-01
CVE-2004-0344
---
source: https://www.securityfocus.com/bid/9774/info
It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database.
YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by these issues; however, it is possible that other versions are vulnerable as well.
http://www.e
No writeups or analysis indexed.
Published: 2004-11-23