CVE-2005-2059
Published: 2005-06-29
Priority: P417 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.96% (57.1th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubbcentral | ubb.threads | <= 6.5.1.1 | — |
CVSS provenance
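| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 7.2 | HIGH | |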
GHSA
GHSA-9r2w-p922-mx3m · ghsa_unreviewed · 2022-05-01
CVE-2005-2059 [MEDIUM] CWE-352
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
Red Hat
CVE-2005-4889 [HIGH] rpm: fails to drop SUID/SGID bits on package removal
vendor_redhat · 2010-06-01 · CVSS 7.2
lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.
No detection rules found.
No public exploits indexed.
http://marc.info/?l=bugtraq&m=111963737202040&w=2
http://www.gulftech.org/?node=research&article_id=00084-06232005
http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351
Published: 2005-06-29