Security Alert: latest version of phpBB 2.0.19 has 3 unpatched security holes

  
01-30-2006, 01:34 PM, (This post was last modified: 03-26-2006, 05:34 PM by regic.)
Post: #1
mandy
The latest version of CrapwareBB has a security hole.  What else is new.  :Smile

This vulnerability affects ALL versions of phpBB

more info:

http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5941&title=phpBB%202.0.19%20search.php%20and%20profile.php%20DOS%20Vulnerability

http://www.securityfocus.com/archive/1/4...0/threaded

No fix available yet so anyone running the software is screwed.

Edit:  Thread title edited by Regic 3/26/06 Smile
03-26-2006, 05:33 PM,
Post: #2
regic
Unpatched in all versions, including the latest 2.0.19 version, of phpBB

1. phpBB "gen_rand_string()" Predictable RNG Weakness: can be exploited by malicious people to change other users' passwords. Successful exploitation requires knowledge of a user's username and e-mail address.

http://secunia.com/advisories/18727/

2. phpBB "Referer" Header Session ID Disclosure: can be exploited by malicious people to disclose sensitive information. This can e.g. be exploited to disclose the administrator's session ID by tricking the administrator into viewing a malicious user's profile containing an external avatar image. Successful exploitation may open up for various cross-site request forgery and cross-site scripting attacks.

http://secunia.com/advisories/18693/

3. phpBB "Allow HTML" Script Insertion Security Issue: can be exploited by malicious people to conduct script insertion attacks. The security issue was inadequately fixed in version 2.0.19. It has been confirmed that it is possible to bypass the fix by using single-quote characters instead of double-quote characters.

There are 53 other security vulnerabilities that affect earlier versions of phpBB:

http://secunia.com/search/?search=phpbb

SMART ADVICE FOR "CrapwareBB" users: use different forum software. PHPBB has been a security nightmare for 5 years.
Like Post Reply
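The quote-style bypass described in item 3 of the post above, as an added example that is not part of the original post and is not phpBB's code: a filter that strips event-handler attributes only when they are double-quoted, next to one that rebuilds the markup from parsed tokens against an allowlist. The regex, the allowlists and the sample posts are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed stand-in for a quote-specific fix: removes on*="..." only.
NAIVE_EVENT_ATTR = re.compile(r'\son\w+\s*=\s*"[^"]*"', re.IGNORECASE)

def naive_filter(markup: str) -> str:
    return NAIVE_EVENT_ATTR.sub("", markup)

ALLOWED_TAGS = {"b", "i", "u", "a"}          # assumed forum policy
ALLOWED_ATTRS = {"a": {"href"}}              # everything else is dropped
SAFE_URL = re.compile(r"^https?://", re.IGNORECASE)

class AllowlistRebuilder(HTMLParser):
    """Re-serialises from parsed tokens, so the input's quoting style is irrelevant."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; its text content is still emitted, escaped
        kept = []
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, ()) and value and SAFE_URL.match(value):
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def allowlist_filter(markup: str) -> str:
    parser = AllowlistRebuilder()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed sample posts: the same attribute in two quoting styles.
DOUBLE_QUOTED = '<b onmouseover="alert(1)">hi</b>'
SINGLE_QUOTED = "<b onmouseover='alert(1)'>hi</b>"
```

The naive filter returns the single-quoted sample unchanged, while the allowlist version emits `<b>hi</b>` for both samples because it never copies raw attribute text into its output.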
03-26-2006, 08:04 PM,
Post: #3
jezebel
sucks  
v. sucked, suck·ing, suck
v. intr.

  1. To draw something in by or as if by suction: felt the drain starting to suck.
  2. To draw nourishment; suckle.
  3. To make a sound caused by suction.
  4. Vulgar Slang. To be disgustingly disagreeable or offensive.
  5. Vulgar Slang. To emulate phpBB's security problems

n.

  1. The act or sound of sucking.
  2. Suction.
  3. Something drawn in by sucking.
  4. phpBB
03-27-2006, 04:41 AM,
Post: #4
bargainbloodhound
:lol14n:
"Well, Jay was so giddy that someone named Jay was involved with this site we posted our first non-eBay listing in 3 years here at Lunarbid (we tried two items at Yahoo once upon a time, they bombed)" -Marie posting in a LunarBid thread at OTWA in 2005 wins the award for 'most moronic reason ever given for choosing a venue"

"thanks twat u must have nothing better 2 do. do u talk to all your members like that. will not be recomending your site.
best way to put it is TULIPTOOLS.COM IS REALLY SHIT. DONT JOIN." -pubescent owner of rinky dink off2auction.com in 2011