[VIM] WoltLab security question
security curmudgeon
jericho at attrition.org
Wed May 11 02:40:56 EDT 2005
I am trying to ascertain if a recent security posting is the same issue
listed on various security sites.
http://www.woltlab.com/news/399_en.php
04-19-2005 06:45pm
Security Update for Burning Board 2 and Burning Board Lite released
Today we have been notified about a possible security hole in all
Burning Board and Burning Board Lite versions. We have fixed the problem
and provide you the update files for versions 2.0.3, 2.1.5, 2.2.1 and
2.3.1 in the members area. The download of the fixed Burning Board Lite
version can be found in Products -> Burning Board Lite.
Checking the CVE project (http://cve.mitre.org) and OSVDB
(http://osvdb.org), the following vulnerabilities are listed in the rough
time frame:
15907 WoltLab Burning Board pms.php folderid Variable XSS
Apr 24, 2005
15807 WoltLab Burning Board thread.php hilight Variable XSS
Apr 22, 2005
14356 WoltLab Burning Board session.php Multiple Parameter SQL Injection
Mar 3, 2005
The date of the posting above puts it between the session.php and
thread.php issues. Can you please verify if the posting above relates to
one of these two issues, the date is incorrect and it pertains to another
issue afterwards, or if it is an entirely different vulnerability?
Thanks!
Brian Martin
OSVDB.org
More information about the VIM
mailing list