SimpleBBS User Information Disclosure - Secunia Advisories - Vulnerability Intelligence

SimpleBBS User Information Disclosure
Secunia Advisory:	SA8263	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-03-11
Popularity:	4,244 views

Critical:	Moderately critical
Impact:	Exposure of sensitive information
Where:	From remote
Solution Status:	Vendor Patch

Software:	SimpleBBS 1.x

Subscribe:	Instant alerts on relevant vulnerabilities

Description: An access control error in SimpleBBS can be exploited by malicious people to gain knowledge of sensitive information. Anyone can access the user database stored in the php file "users.php". This contains various user information including md5-encoded passwords. Solution: Update to version 1.0.7: http://www.simplemedia.org/?view=prod...mp;s=449e3c04e277083175c79748234f41c0 Provided and/or discovered by: flur

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

10th Oct, 2008

Moderately // 441 views

Moderately // 439 views

Highly // 668 views

Moderately // 476 views

Highly // 483 views

Not // 524 views

Moderately // 770 views

Moderately // 467 views

Moderately // 810 views

Not // 535 views

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1.	Subdreamer Light Global Variables SQL Injection Vulnerability // 28 views
2.	FUJITSU Interstage Products Apache Tomcat Security Bypass // 26 views
3.	CA ARCserve Backup Multiple Vulnerabilities // 25 views
4.	Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 24 views
5.	CUPS Multiple Vulnerabilities // 21 views
6.	Gentoo Portage Insecure Python Module Search Path Security Issue // 20 views
7.	Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 19 views
8.	Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities // 19 views
9.	Zeroboard Multiple Vulnerabilities // 18 views
10.	ScriptsEz Easy Image Downloader "id" File Disclosure Vulnerability // 18 views