Lucene search

[email protected]CVE-2005-4426

HistoryDec 20, 2005 - 11:03 a.m.

CVE-2005-4426

2005-12-2011:03:00

[email protected]

web.nvd.nist.gov

cve-2005-4426

yabb

interpretation conflict

remote code injection

html injection

gif file extension

internet explorer

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.823 High

EPSS

Percentile

98.4%

JSON

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB.

Affected configurations

NVD

Node

yabbyabbMatch1.40

yabbyabbMatch1.41

yabbyabbMatch1_gold_-_sp_1

yabbyabbMatch1_gold_-_sp_1.2

yabbyabbMatch1_gold_-_sp_1.3

yabbyabbMatch1_gold_-_sp_1.3.1

yabbyabbMatch1_gold_-_sp_1.3.2

yabbyabbMatch1_gold_-_sp_1.4

yabbyabbMatch1_gold_release

yabbyabbMatch2.0

yabbyabbMatch2.0_rc1

yabbyabbMatch2.0_rc2

CPENameOperatorVersion
yabb:yabbyabbeq1.40
yabb:yabbyabbeq1.41
yabb:yabbyabbeq1_gold_-_sp_1
yabb:yabbyabbeq1_gold_-_sp_1.2
yabb:yabbyabbeq1_gold_-_sp_1.3
yabb:yabbyabbeq1_gold_-_sp_1.3.1
yabb:yabbyabbeq1_gold_-_sp_1.3.2
yabb:yabbyabbeq1_gold_-_sp_1.4
yabb:yabbyabbeq1_gold_release
yabb:yabbyabbeq2.0

CPE	Name	Operator	Version
yabb:yabb	yabb	eq	1.40
yabb:yabb	yabb	eq	1.41
yabb:yabb	yabb	eq	1_gold_-_sp_1
yabb:yabb	yabb	eq	1_gold_-_sp_1.2
yabb:yabb	yabb	eq	1_gold_-_sp_1.3
yabb:yabb	yabb	eq	1_gold_-_sp_1.3.1
yabb:yabb	yabb	eq	1_gold_-_sp_1.3.2
yabb:yabb	yabb	eq	1_gold_-_sp_1.4
yabb:yabb	yabb	eq	1_gold_release
yabb:yabb	yabb	eq	2.0

Rows per page:

1-10 of 121

References

secunia.com/advisories/17411

www.securityfocus.com/bid/15368

www.yabbforum.com/downloads.php

exchange.xforce.ibmcloud.com/vulnerabilities/23020

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.823 High

EPSS

Percentile

98.4%

JSON

Related for CVE-2005-4426

cvelist5 nvd5 cve4 nessus2 ubuntucve2