[VIM] Helm Control Panel followup
security curmudgeon
jericho at attrition.org
Fri Apr 14 05:19:47 EDT 2006
: > http://www.webhostautomation.com/webhost-301
:
: CVE missed it the first time around, and it looks like some other vdbs
: have, but the entry for 3.2.9 has fairly clear acknowledgement of
: CVE-2006-0211:
:
: 3.2.9
: -------
: ...
: Fixed XSS issue in password reminder page
Been on my to-do list, I dug up the following from the Helm changelog a
while back but just now got around to adding entries. I didn't make an
entry for the 3.1.9 'overflow error with account limits' because something
just doesn't sound right about it. Sounds like *maybe* a crash at best,
but it's just a hunch on the limited wording. I also couldn't dig up dates
for the 3.1.14 (or prior) stuff, only figuring out they are all from
before Mar 2004. Also note, the "default page xss" from below is different
than the 2006-03-27 one (OSVDB 24126).
--
http://www.webhostautomation.com/webhost-301
3.2.6 (2005-08-30)
Fixed XSS entry in default page
http://www.webhostautomation.com/webhost-393
3.1.14
Fixed security issue: Reseller plan and package access
3.1.9
Fixed overflow error with account limits
3.1.2
Fixed FTP issue where users were able to take over
3.1
Fixed integer overflow error in statistics