lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 22 May 2005 14:58:48 -0400 (EDT)
From: security curmudgeon <>
Subject: Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus
 v.1.52 and below and some of its modules.

On April 13, 2005, Diabolic Crab reported several vulnerabilities in phpBB 
Plus and other modules. From the post:

: Photo Album v2.0.53
: http://localhost/album_search.php?mode='SQL_INJECTION&search=dcrab

Looking at the vendor site [1], you can download the 2.0.53 version of 
this module ( and browse the files included. There is no 
"album_search.php" in it. This was confirmed by Smartor (the vendor) on 
May 22, 2005.



Powered by blists - more mailing lists