lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031104111538.27481.qmail@sf-www1-symnsj.securityfocus.com> Date: 4 Nov 2003 11:15:38 -0000 From: <bruce@...wizguide.info> To: bugtraq@...urityfocus.com Subject: Re: Unauthorized access in Web Wiz Forum In-Reply-To: <020a01c3a126$9b91aaf0$0bd3bdd5@...killer> The following issue has been resolved with release 7.51 of Web Wiz Forums. The updated version, 7.51, that has corrected this vulnerability can be downloaded from:- http://www.webwizforums.com > > >Unauthorized access in Web Wiz Forum > >A vulnerability has found in Web Wiz Forum (6.34, 7.01, 7.5). Remote user >(authenticated or not) can read message in private forum. Remote user can >post message in private forum. > >Software does not compare message to forum, when "quote" mode is used. In >result, remote user (authenticated or not) can read and post message in >private forum, to which he hasn't access. > >thanks to Tecklord, Pharaoh and other moderator of >http://Forum.SecurityLab.ru
Powered by blists - more mailing lists