Web application abuses : Simple Machines Forum Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800558

Categoría: Web application abuses

Título: Simple Machines Forum Multiple Vulnerabilities

Resumen: Simple Machines Forum is prone to multiple vulnerabilities.

Descripción: Summary:
Simple Machines Forum is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to

- Lack of access control and validation check while performing certain
HTTP requests which lets the attacker perform certain administrative commands.

- Lack of validation check for the 'theme_dir' settings before being
used which causes arbitrary code execution from local resources.

- Crafted avatars are being allowed for code execution.

Vulnerability Impact:
Successful exploitation will let the attacker execute malicious arbitrary
codes in the context of the SMF web application to gain administrative
privileges, install malicious components into the forum context or can
cause directory traversal attacks also.

Affected Software/OS:
Simple Machines Forum version 1.0 to 1.0.14.

Simple Machines Forum version 1.1 to 1.1.6.

Solution:
Update your Simple Machines Forum version to 1.1.7 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-6657
BugTraq ID: 32119
http://www.securityfocus.com/bid/32119
https://www.exploit-db.com/exploits/6993
http://osvdb.org/50071
http://secunia.com/advisories/32516
XForce ISS Database: smf-unspecified-csrf(46343)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46343
Common Vulnerability Exposure (CVE) ID: CVE-2008-6658
http://osvdb.org/50070
Common Vulnerability Exposure (CVE) ID: CVE-2008-6659
BugTraq ID: 32139
http://www.securityfocus.com/bid/32139
https://www.exploit-db.com/exploits/7011
http://osvdb.org/50072

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800558
Categoría:	Web application abuses
Título:	Simple Machines Forum Multiple Vulnerabilities
Resumen:	Simple Machines Forum is prone to multiple vulnerabilities.
Descripción:	Summary: Simple Machines Forum is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - Lack of access control and validation check while performing certain HTTP requests which lets the attacker perform certain administrative commands. - Lack of validation check for the 'theme_dir' settings before being used which causes arbitrary code execution from local resources. - Crafted avatars are being allowed for code execution. Vulnerability Impact: Successful exploitation will let the attacker execute malicious arbitrary codes in the context of the SMF web application to gain administrative privileges, install malicious components into the forum context or can cause directory traversal attacks also. Affected Software/OS: Simple Machines Forum version 1.0 to 1.0.14. Simple Machines Forum version 1.1 to 1.1.6. Solution: Update your Simple Machines Forum version to 1.1.7 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6657 BugTraq ID: 32119 http://www.securityfocus.com/bid/32119 https://www.exploit-db.com/exploits/6993 http://osvdb.org/50071 http://secunia.com/advisories/32516 XForce ISS Database: smf-unspecified-csrf(46343) https://exchange.xforce.ibmcloud.com/vulnerabilities/46343 Common Vulnerability Exposure (CVE) ID: CVE-2008-6658 http://osvdb.org/50070 Common Vulnerability Exposure (CVE) ID: CVE-2008-6659 BugTraq ID: 32139 http://www.securityfocus.com/bid/32139 https://www.exploit-db.com/exploits/7011 http://osvdb.org/50072
Copyright	Copyright (C) 2009 Greenbone AG