Jessica Hope

Name of the Vulnerable Software and Affected Versions: Simple Machines Forum versions 1.0.x through 1.0.12 Simple Machines Forum versions 1.1.x through 1.1.4 Description: The issue is related to the use of the html-tag and may be a cross-site scripting (XSS) vulnerability, although the exact impact and attack vectors are unknown. Recommendations: For Simple Machines Forum versions 1.0.x through 1.0.12, update to version 1.0.13. For Simple Machines Forum versions 1.1.x through 1.1.4, update to version 1.1.5.

Name of the Vulnerable Software and Affected Versions: Simple Machines Forum (SMF) versions 1.1.x before 1.1.5 Simple Machines Forum (SMF) versions 1.0.x before 1.0.13 Description: The issue is related to the improper seeding of the random number generator in Simple Machines Forum (SMF) when running in PHP before 4.2.0. This has an unknown impact and attack vectors. Recommendations: For Simple Machines Forum (SMF) versions 1.1.x before 1.1.5, update to version 1.1.5 or later. For Simple Machines Forum (SMF) versions 1.0.x before 1.0.13, update to version 1.0.13 or later.

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 3.6.10 through 3.7.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly through an obscure method related to the redirect parameter in the Admin Control Panel, specifically the "admincp/index.php" endpoint. **Recommendations** For versions 3.6.10 and 3.7.1, consider restricting access to the Admin Control Panel to minimize the risk of exploitation until a fix is available. Avoid using the redirect parameter in the "admincp/index.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum (SMF) version 1.1.4 **Description** The issue allows remote attackers to bypass the CAPTCHA test through an automated attack, considering Hamming distances, due to the reliance on "randomly generated static" to prevent brute-force attacks on the WAV file (audio) CAPTCHA. **Recommendations** For Simple Machines Forum (SMF) version 1.1.4, consider implementing additional security measures to strengthen the CAPTCHA system, such as enhancing the randomness of the static generation or using alternative CAPTCHA methods. As a temporary workaround, restrict access to sensitive areas of the forum that rely on the CAPTCHA test to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum (SMF) versions 1.0.7 and earlier Simple Machines Forum (SMF) version 1.1rc2 and earlier **Description** The issue allows remote attackers to more easily spoof the IP address and evade banning via a modified `X-Forwarded-For` HTTP header. This header is preferred over other more reliable sources for the IP address. **Recommendations** For Simple Machines Forum (SMF) versions 1.0.7 and earlier, consider updating to a newer version to mitigate the risk, although the exact fix version is not specified. For Simple Machines Forum (SMF) version 1.1rc2 and earlier, consider updating to a newer version to mitigate the risk, although the exact fix version is not specified. As a temporary workaround, consider restricting the use of the `X-Forwarded-For` HTTP header to minimize the risk of IP address spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum (SMF) versions 1.1 Final and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the contents of a file uploaded with the `image` parameter set. This can be interpreted as script by Internet Explorer's automatic type detection. **Recommendations** For Simple Machines Forum (SMF) versions 1.1 Final and earlier, as a temporary workaround, consider restricting the upload of files with the `image` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DeluxeBB versions prior to 1.08 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the `membercookie` cookie in `header.php` and the `redirect` parameter in `misc.php`. **Recommendations** For DeluxeBB versions prior to 1.08, update to version 1.08 or later to resolve the issue. As a temporary workaround, consider restricting access to the `header.php` and `misc.php` files to minimize the risk of exploitation. Avoid using the `membercookie` cookie and the `redirect` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DeluxeBB versions 1.07 and earlier **Description** The issue allows remote attackers to bypass SQL injection protection mechanisms. This can be achieved by using lowercase statements such as `union select` in the `login` variable and certain other variables, which do not match the uppercase `UNION SELECT` that the protection mechanisms are looking for. **Recommendations** For DeluxeBB versions 1.07 and earlier, as a temporary workaround, consider restricting the use of the `login` variable and other vulnerable variables in SQL queries until a patch is available. Avoid using the `union select` statement in affected API endpoints, such as "/api/v1/login", until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DeluxeBB versions 1.07 and earlier **Description** The issue allows remote attackers to overwrite certain variables, including ` GET`, ` POST`, ` ENV`, and ` SERVER`, via the ` COOKIE` variable. This can occur during an extract function call and may lead to security issues due to the "pollution of the global namespace." **Recommendations** For DeluxeBB versions 1.07 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DeluxeBB versions 1.07 and earlier **Description** The issue allows remote attackers to bypass authentication, spoof users, and modify settings. This is achieved via the `memberpw` and `membercookie` cookies. **Recommendations** For DeluxeBB versions 1.07 and earlier, consider updating to a version that contains a fix for this issue, as using older versions poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DeluxeBB versions 1.07 and earlier **Description** The issue arises from improper handling of a username consisting of a single space character. This allows remote authenticated users to login as the "space" user, post as the guest user, and prevent an administrator from banning the "space" user. **Recommendations** For DeluxeBB versions 1.07 and earlier, update to a version that properly handles usernames to prevent exploitation.