Message-ID: <20041118123055.28647.qmail@mail.securityfocus.com>
Date: Thu, 18 Nov 2004 12:33:45 -0000
From: "Paul S. Owen" <paul0x01@...rstreak.net>
To: <bugtraq@...urityfocus.com>
Subject: EXEC exploit in phpBB - fix

Following additional information supplied to us by a party other than "howdark.com" we can confirm the existence of a serious exploit in phpBB, in all versions below 2.0.11. We will not post concept of proof information given the seriousness of this issue. Unfortunately howdark.com group have chosen to as a personal vendetta against phpbb.com.

We are preparing full, changed files and patch based releases which fix this issue (and several other bugs/issues). While we are testing this we urge all phpBB users to implement the fix given in the following announcement at phpbb.com:

http://www.phpbb.com/phpBB/viewtopic.php?t=240513

Please spread this information far and wide, all hosting providers if possible please inform your users. Anyone copying the howdark.com exploit _please_ ensure you also include details of the fix noted in the above post!

PS: Thanks to the bugtraq moderators for moderating out a previous post of mine, ta muchly for that :)