lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0512301027230.531-100000@bugsbunny.castlecops.com>
Date: Fri, 30 Dec 2005 10:29:11 -0500 (EST)
From: Paul Laudanski <zx@...tlecops.com>
To: bugtraq@...urityfocus.com
Subject: phpbb2.0.19 fixes security issues


re: http://www.phpbb.com/phpBB/viewtopic.php?t=352966

[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode 
[Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled 
[Sec] added configurable maximum login attempts to prevent dictionary attacks

Other fixes:

[Fix] corrected index on session keys table under MS SQL 
[Fix] added session keys table to backup 
[Fix] delete session keys entries when deleting user 
[Fix] changes to support MySQL 5.0 
[Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu 
[Fix] change truncation of username length in usercp_register.php - BFUK 
[Fix] incorrect path to avatars in admin_users.php (Bug #667) 
[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez 
[Fix] fixed captcha for those not having the zlib extension enabled 
[Change] Placed version information above who is online in admin panel for better visual presence 

-- 
Paul Laudanski, Microsoft MVP Windows-Security
[cal] http://events.castlecops.com
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ