oss-sec mailing list archives
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 25 Sep 2013 12:07:32 -0600
On 09/25/2013 10:45 AM, Henri Salo wrote:
> On Wed, Sep 25, 2013 at 02:33:14PM +0000, Moritz Naumann wrote:
>> This CSRF doesn't work for me on two 2.0.4 installations I tested on.
>
> You are correct.
>
>> Both return Unable to verify referring url. Please go back and try again.
>
> Actual error message for me: "Your session timed out while posting. Please go back and try again."
>
> I'm really sorry about this. I even tested using a different computer so I don't know what I previously did wrong/different. Thank you for correcting this.
>
> ---
> Henri Salo

So to confirm: the XSS are legit, the CSRF is confirmed to not work?

thanks.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 15)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Moritz Naumann (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)