Message-ID: <6130FAF67D15D411BF7100E01899071F866500@stork.mightyoaks.local>
From: david.vincent at mightyoaks.com (David Vincent)
Subject: New phpBB ViewTopic.php Cross Site Scripting Vulnerability (with fix)

> On 02/28/04 Cheng Peng Su released the following Advisory:
> 
> ################################################
> Advisory Name:New phpBB ViewTopic.php Cross Site Scripting 
> Vulnerability
> Release Date: Feb 29,2004
> Application: phpBB
> Platform: PHP
> Version Affected: the latest version
> Vendor URL: http://www.phpbb.com/
> Discover: Cheng Peng Su(apple_soup_at_msn.com)
> ################################################
> 
> Details:
> This vuln is similar to Arab VieruZ's advisory 'XSS bug in
> phpBB'; this time the problem is not in 'highlight', but in
> 'postorder'. We can inject HTML code; such code could be used to steal
> cookie information.


Exactly what version is this? They've released a new one as of March 01.

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594

New version is 2.0.6d.

-d

