XMB Forum Multiple Vulnerabilities
BID:9983
Info
| Bugtraq ID: | 9983 |
| Class: | Input Validation Error |
| CVE: | CVE-2004-1864 CVE-2004-1862 CVE-2004-1863 CVE-2004-2588 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2004 12:00AM |
| Updated: | Sep 11 2008 06:30PM |
| Credit: | Discovery of these issues is credited to Janek Vind. |
| Vulnerable: | XMB Forum 1.9 beta; XMB Forum 1.8 SP3 |
| Not Vulnerable: | XMB Forum 1.9.10 |
Discussion
Multiple vulnerabilities have been reported in XMB Forum. The specific issues include an information-disclosure issue and multiple cross-site scripting and SQL-injection issues.
Attackers can exploit these issues to steal cookie-based authentication credentials, modify SQL query logic and structure, and obtain sensitive information about the underlying environment. Cumulatively, these issues could allow remote attackers to hijack accounts, compromise the forum, mount attacks on the database, and launch further attacks against system resources.
Note that these issues appear to have been introduced across different versions of the software.
Exploit / POC
An exploit is not required.
Multiple proof-of-concept examples have been included in Janek Vind's [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta] Bugtraq post.
Solution / Fix
Solution:
A vendor update is available. Contact the vendor for more information.
References
References:
- Summary of Official Vendor Statements (XMB)
- XMB Forum Home Page (The XMB Group)
- waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta (Janek Vind)