Date: Thu, 15 Aug 2013 04:43:48 +0000
From: Moritz Naumann <security@...itz-naumann.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities

According to
http://simplemachines.org/community/?topic=509417#msg3592194
Simple Machines Forum <= 2.0.5 (but > 1.1.*) is vulnerable to one or more
(currently undocumented) security issues.

The changes between v2.0.4 and 2.0.5 can be reviewed at
http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4

This is just a heads up, I haven't tried to look into those in detail.

CVE folks: If you'll handle this, please also check the last ones:
http://simplemachines.org/community/?topic=496403.0
http://osvdb.org/show/osvdb/92745
http://osvdb.org/show/osvdb/88909

Moritz

--
Naumann IT Security Consulting
Samariterstr. 16
10247 Berlin
Germany

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/