YaBB
----

CVE Number: 
None

Details:
The YaBB.pl cgi and/or the search.pl script were found on the system. A flaw 
in earlier versions of the YaBB.pl bulletin board program allowed for remote 
file viewing. The search.pl file is susceptible to a problem where a remote
user could craft their own html form and submit it, running arbitrary
commands.

Fix:
It is recommended that the file be removed from the system or upgraded to a
secure version.

Related URLs:
http://www.securityfocus.com/archive/1/81543
http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html
http://www.yabb.org/

$Id: yabb,v 1.2 2001/01/03 22:51:49 loveless Exp $
