lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: girl at (gp)
Subject: Multiple XSS Vulnerabilities in several
	UBB.Thread Versions

Vendor: Infopop
tested Versions: 6.2.3 & 6.5
remote: yes
vendor notified: 06 Dec 2004 at 01:08 AM
Vendor response: 06/07 Dec 2004 01:33 AM/06:08 PM
Update status: process


UBBThreads is a High end forum system, powered under
PHP and MySQL with many attitude.
A security vulnerability in both (6.2.3 & 6.5) products
allow malicious users to steal session cookies, but
probably more versions are vulnerable.

Examples in Version 6.2.3:


tested modules are:
main, search, newuser, login, online, faq, ect..

some of these were fixed in Version 6.5.
It follows the not fixed..

Examples in version 6.5:





Vulnerabilities will be fixed in the next release,
Version 6.5.1. Since March 2004, Infopop offers no longer
support for any version of UBB.classic or UBB.threads
prior to Version 6.0.


dw.; ms.; ect.

kind regards
g@cat <-> MM

This email was sent using FREE Catholic Online Webmail!

Powered by blists - more mailing lists