Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4135

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4135
Last Modified 07 Mar 2011 09:27:42
Published 09 Dec 2005 10:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4135

Summary

Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.

Vulnerable Systems

Application

  • Simplemedia Simplebbs 1.0.6

  • Simplemedia Simplebbs 1.0.7

  • Simplemedia Simplebbs 1.1


References

VUPEN - ADV-2005-2807

BID - 15764

BUGTRAQ - 20051207 SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew

SECUNIA - 17949

SECTRACK - 1015323


Last Updated: 27 May 2016 10:41:11