Simple Machines Forum Multiple Unspecified 'html-tag' and Random Generator Seeding Vulnerabilities

Bugtraq ID:	30268
Class:	Unknown
CVE:	CVE-2008-3073 CVE-2008-3072
Remote:	Yes
Local:	No
Published:	Apr 30 2008 12:00AM
Updated:	Jul 17 2008 10:19PM
Credit:	Jessica Hope
Vulnerable:	Simple Machines SMF 1.1.4 Simple Machines SMF 1.1.3 Simple Machines SMF 1.1.2 Simple Machines SMF 1.1.1 Simple Machines SMF 1.0.12 Simple Machines SMF 1.0.11 Simple Machines SMF 1.0.10 Simple Machines SMF 1.0.9 Simple Machines SMF 1.0.8 Simple Machines SMF 1.0.8 Simple Machines SMF 1.0.7 Simple Machines SMF 1.0.6 Simple Machines SMF 1.0.5 Simple Machines SMF 1.0.4 Simple Machines SMF 1.0.3 Simple Machines SMF 1.0.2 Simple Machines SMF 1.0.1
Not Vulnerable:	Simple Machines SMF 1.1.5 Simple Machines SMF 1.0.13

Simple Machines Forum Multiple Unspecified 'html-tag' and Random Generator Seeding Vulnerabilities

Simple Machines Forum is prone to multiple unspecified vulnerabilities.

Very few details are available regarding these issues. We will update this BID as more information emerges.

These issues affect versions prior to Simple Machines Forum 1.0.13 and 1.1.5.

Simple Machines Forum Multiple Unspecified 'html-tag' and Random Generator Seeding Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Simple Machines Forum Multiple Unspecified 'html-tag' and Random Generator Seeding Vulnerabilities

Solution:
The vendor has released updates. Please see the references for more information.

Simple Machines Forum Multiple Unspecified 'html-tag' and Random Generator Seeding Vulnerabilities

References:

• Simple Machines Forum 1.1.5 and 1.0.13 released (Simple Machines)
  
• Simple Machines Homepage (Simple Machines)