Open Source and information security mailing list archives
 
Date: Fri Sep  2 17:30:23 2005
From: brian at phorum.org (Brian Moon)
Subject: Multiple Phorum XSS and Session Hijacking vulnerabilities

First, all issues that will allow any of the issues here to happen have 
been fixed.  With 5.0.18a, you can not use any method described below. 
We had the fixes done in less than 24 hours.

Now, what a professional and responsible post.  I normally don't reply 
to these emails, but this person has misrepresented the communications 
we had with him.  It makes me not want to communicate with people that 
report security flaws.  If I had known he would use my words out of 
context this way, I would have just released the new version and ignored 
his email.

"Scott" clearly has another agenda here.  That is to discredit 
applications and promote interests of his own.  The mention of IPB 
specifically makes that clear.

Brian Moon
Phorum Dev Team
