lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041118232805.31607.qmail@mail2.securityfocus.com> Date: Thu, 18 Nov 2004 23:43:44 -0000 From: "Paul S. Owen" <paul0x01@...rstreak.net> To: <bugtraq@...urityfocus.com> Subject: EXEC exploit in phpBB - new release With reference to the exec exploit in phpBB. A new release, phpBB 2.0.11 is now available (in all usual forms) from our site, www.phpbb.com. For those users not wishing to upgrade we strongly urge (again) you at least implement the fix posted previously to bugtraq (see http://www.phpbb.com/phpBB/viewtopic.php?t=240513). Again, may I urge all those who discover exploits in any application, inform the authors first. If you (and indeed the authors) find no way to take advantage of the exploit, and subsequently do discover a method, again inform the authors. At www.phpbb.com we maintain a security tracker (www.phpbb.com/security/) which gives both private (for as yet undisclosed issues) and public (for fixed or invalid issues) access to note issues with our software. Please use it! psoTFX, phpbb.com
Powered by blists - more mailing lists