| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Dec 2005 10:29:11 -0500 (EST) From: Paul Laudanski <zx@...tlecops.com> To: bugtraq@...urityfocus.com Subject: phpbb2.0.19 fixes security issues re: http://www.phpbb.com/phpBB/viewtopic.php?t=352966 [Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode [Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled [Sec] added configurable maximum login attempts to prevent dictionary attacks Other fixes: [Fix] corrected index on session keys table under MS SQL [Fix] added session keys table to backup [Fix] delete session keys entries when deleting user [Fix] changes to support MySQL 5.0 [Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu [Fix] change truncation of username length in usercp_register.php - BFUK [Fix] incorrect path to avatars in admin_users.php (Bug #667) [Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez [Fix] fixed captcha for those not having the zlib extension enabled [Change] Placed version information above who is online in admin panel for better visual presence -- Paul Laudanski, Microsoft MVP Windows-Security [cal] http://events.castlecops.com [de] http://de.castlecops.com [en] http://castlecops.com [wiki] http://wiki.castlecops.com [family] http://cuddlesnkisses.com
Powered by blists - more mailing lists