Date: Thu, 10 Jun 2004 02:12:11 +0200
From: "JvdR" <thewarlock@...e.nl>
To: "Mike Healan" <mike@...wareinfo.com>
Cc: <bugtraq@...urityfocus.com>
Subject: Re: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.


Dear Mike,

The CSS vulnerabilities are based on previous versions of IPB;
the vendor did not feel the need to fix them with update 1.3 > 1.3.1 final.
See http://securityfocus.com/bid/9768

Multiple SQL Injection Vulnerabilities were already found in IPB,
http://securityfocus.com/bid/7290
http://securityfocus.com/bid/9232

The problem that the vendor did fix was a vulnerability in the calendar.
http://securityfocus.com/bid/9353

Historically, IPB was more than once vulnerable to SQL injections of the
same type, so there is no reason to provide them with old information.

Another reason is that those kinds of vulns. are common, old news....
A query in Google results in 100.000 full instructions to exploit them;
for ISPs it's quite easy to block these requests and minimize the risks.


> Mike Healan wrote:
> Where is the vendor response to this? From what I can see at their
> support site, they've never heard of these two problems.
>
> Let me guess, you never bothered to contact them and instead elected to
> publicize full instructions to exploit software in use at over 100,000
> web sites?

BR,
Jan van de Rijt.
--->
http://members.home.nl/thewarlock



