Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2817

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2817
Last Modified 05 Sep 2008 04:52:46
Published 07 Sep 2005 03:07:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2817

Summary

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.

Vulnerable Systems

Application

  • Simple Machines Forum 1.0.5


References

XF - smf-avatar-image-information-disclosure(22093)

SECTRACK - 1014828

SECUNIA - 16646

BUGTRAQ - 20050831 Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure

MISC - http://rgod.altervista.org/smf105.html


Last Updated: 27 May 2016 10:40:39