Info

Disclosure

Aug 25, 2004

Discovery

Unknown

Dates

Exploit

Aug 25, 2004

Solution

Unknown

Description

YaBB SE contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when accessing the 'Admin.php' script directly, which will cause the server to return an error page containing the installation path resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Hendrik Jan Visser

YaBB SE

1.5.1

References

Security Tracker: 1011166
ISS X-Force ID: 17267
CVE ID: 2004-1662 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0044.html
Other Advisory URL: http://echo.or.id/adv/adv05-y3dips-2004.txt
Vendor URL: http://www.yabbse.org/

Credit

Ahmad Muammar - y3dipsecho.or.id -

Direct URL: http://osvdb.org/36218