CVE-2005-2059

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.gulftech.org/?node=research&article_id=00084-06232005	Exploit Patch Vendor Advisory
http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351	Patch
http://marc.info/?l=bugtraq&m=111963737202040&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ubbcentral:ubb.threads:6.0.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.0.2:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.2.3:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.3:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.5.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.5.1.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.0.3:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.3.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.4:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.4.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.0:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.2.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.2.2:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.4.4:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.5:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.1.1:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.2:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.4.2:::::::*
	cpe:2.3:a:ubbcentral:ubb.threads:6.4.3:::::::*

Information

Published : 2005-06-29 04:00

Updated : 2016-10-18 03:24

NVD link : CVE-2005-2059

Mitre link : CVE-2005-2059

JSON object : View

Products Affected

ubbcentral

ubb.threads

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.gulftech.org/?node=research&article_id=00084-06232005", "name": "http://www.gulftech.org/?node=research&article_id=00084-06232005", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351", "name": "http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351", "tags": ["Patch"], "refsource": "MISC"}, {"url": "http://marc.info/?l=bugtraq&m=111963737202040&w=2", "name": "20050624 Infopop UBB Threads Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2059", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-06-29T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ubbcentral:ubb.threads:6.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T03:24Z"}