Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3259
Last Modified 10 Sep 2008 03:46:07
Published 20 Oct 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3259

Summary

Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) login field, (2) "search this thread" feature, (3) "search for posts" feature, (4) "forgot password" feature, (5) list parameter in userlistpre.php, and the (6) select, (7) categ, and (8) to parameters in index.php.

Vulnerable Systems

Application

  • Versatilebulletinboard 1.0.0.rc2


References

BID - 15068

SECUNIA - 17174

MISC - http://rgod.altervista.org/versatile100RC2.html

BUGTRAQ - 20051010 versatileBulletinBoard V1.0.0 RC2 (possibly prior versions)

OSVDB - 19968

OSVDB - 19967

OSVDB - 19966

OSVDB - 19965

OSVDB - 19964

OSVDB - 19963

OSVDB - 19962


Last Updated: 27 May 2016 10:40:52