CVE-2013-0192
Published 2020-02-07
CVE-2013-0192: File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.
Priority: P432, medium, 4.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 3.76% (88.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simplemachines | simple_machines_forum | <= 2.0.3 | — |
| smf | smf | <= 2.0.3 | — |
CVSS provenance
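| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |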
No detection rules found.
Bugzilla
CVE-2009-5066 [LOW] JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
bugzilla · 2012-07-24 · CVSS 2.1
twiddle.sh accepts credentials as command line arguments. A local attacker could exploit this flaw by reading the credentials from a process listing.
Discussion:
This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html
---
This issue has been address
Bugzilla
CVE-2011-4575 [MEDIUM] JMX Console: XSS in invoke operation
bugzilla · 2011-12-06 · CVSS 4.3
The parameters passed to operation invocations on the JMX console are not properly sanitized. Remote attackers can use this flaw to inject arbitrary web script or HTML into the JMX console.
Discussion:
Acknowledgment:
Red Hat would like to thank Tyler Krpata for reporting this issue.
---
This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-201
http://www.openwall.com/lists/oss-security/2013/01/17/5
http://www.openwall.com/lists/oss-security/2013/01/31/1
http://www.openwall.com/lists/oss-security/2013/02/01/4