lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20031104111538.27481.qmail@sf-www1-symnsj.securityfocus.com>
Date: 4 Nov 2003 11:15:38 -0000
From: <bruce@...wizguide.info>
To: bugtraq@...urityfocus.com
Subject: Re: Unauthorized access in Web Wiz Forum


In-Reply-To: <020a01c3a126$9b91aaf0$0bd3bdd5@...killer>

The following issue has been resolved with release 7.51 of Web Wiz Forums.

The updated version, 7.51, that has corrected this vulnerability can be downloaded from:-

http://www.webwizforums.com
>
>
>Unauthorized access in Web Wiz Forum
>
>A vulnerability has found in  Web Wiz Forum (6.34, 7.01, 7.5). Remote user
>(authenticated or not) can read message in private forum. Remote user can
>post message in private forum.
>
>Software does not compare message to forum, when "quote" mode is used. In
>result, remote user (authenticated or not) can read and post message in
>private forum, to which he hasn't access.
>
>thanks to Tecklord, Pharaoh and other moderator of
>http://Forum.SecurityLab.ru

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ