Security Alert: latest version of phpBB 2.0.19 has 3 unpatched security holes
|
01-30-2006, 01:34 PM,
(This post was last modified: 03-26-2006, 05:34 PM by regic.)
Post: #1
|
|||
|
|||
Security Alert: latest version of phpBB 2.0.19 has 3 unpatched security holes
The latest version of CrapwareBB has a security hole. What else is new. :
This vulnerability affects ALL versions of phpBB more info: http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5941&title=phpBB%202.0.19%20search.php%20and%20profile.php%20DOS%20Vulnerability http://www.securityfocus.com/archive/1/4...0/threaded No fix available yet so anyone running the software is screwed Edit: Thread title edited by Regic 3/26/06 |
|||
03-26-2006, 05:33 PM,
Post: #2
|
|||
|
|||
Security Alert: latest version of phpBB 2.0.19 has 3 unpatched security holes
Unpatched in all versions-including the latest 2.019 version-of phpbb
1. phpBB "gen_rand_string()" Predictable RNG Weakness: can be exploited by malicious people to change other user's passwords. Successful exploitation requires knowledge of a user's username and e-mail address. http://secunia.com/advisories/18727/ 2. phpBB "Referer" Header Session ID Disclosure: can be exploited by malicious people to disclose sensitive information. This can e.g. be exploited to disclose the administrator's session ID by tricking the administrator into viewing a malicious user's profile containing an external avatar image. Successful exploitation may open up for various cross-site request forgery and cross-site scripting attack http://secunia.com/advisories/18693/ 3. phpBB "Allow HTML" Script Insertion Security Issue: can be exploited by malicious people to conduct script insertion attacks. The security issue was inadequate fixed in version 2.0.19. It has been confirmed that it is possible to bypass the fix by using single-quote characters instead of double-quote characters There are 53 other security vulnerabilities that affect earlier versions of phpbb: http://secunia.com/search/?search=phpbb SMART ADVICE FOR "CrapwareBB" users: use different forum software. PHPBB has been a security nightmare for 5 years. |
|||
03-26-2006, 08:04 PM,
Post: #3
|
|||
|
|||
Re: Security Alert: latest version of phpBB 2.0.19 has 3 unpatched security holes
sucks
v. sucked, suck·ing, suck v. intr. 1. To draw something in by or as if by suction: felt the drain starting to suck. 2. To draw nourishment; suckle. 3. To make a sound caused by suction. 4. Vulgar Slang. To be disgustingly disagreeable or offensive. 5. Vulgar Slang. To emulate phpBB's security problems n. 1. The act or sound of sucking. 2. Suction. 3. Something drawn in by sucking. 4. phpBB |
|||
03-27-2006, 04:41 AM,
Post: #4
|
|||
|
|||
Re: Security Alert: latest version of phpBB 2.0.19 has 3 unpatched security holes
:lol14n:
"Well, Jay was so giddy that someone named Jay was involved with this site we posted our first non-eBay listing in 3 years here at Lunarbid (we tried two items at Yahoo once upon a time, they bombed)" -Marie posting in a LunarBid thread at OTWA in 2005 wins the award for 'most moronic reason ever given for choosing a venue"
"thanks twat u must have nothing better 2 do. do u talk to all your members like that. will not be recomending your site. best way to put it is TULIPTOOLS.COM IS REALLY SHIT. DONT JOIN." -pubescent owner of rinky dink off2auction.com in 2011 |
|||
« Next Oldest | Next Newest »
|
Possibly Related Threads… | |||||
Thread | Author | Replies | Views | Last Post | |
The Latest Teen Craze: Social Dieting | mandy | 1 | 2,444 |
03-31-2007, 08:06 PM Last Post: rose |
|
MSN Blockades phpBB Searchers | mandy | 1 | 2,707 |
01-20-2006, 04:58 PM Last Post: jezebel |
Users browsing this thread: 1 Guest(s)