[VIM] MaxWebPortal acknowledgement - but for what?
Steven M. Christey
coley at mitre.org
Fri May 13 22:15:14 EDT 2005
from http://www.maxwebportal.com/announcements.asp#48
"MaxWebPortal Version 1.36
MaxWebPortal Version 1.36 - Keeping MaxWebPortal Secure
All security fixes have been thoroughly tested in all supported
operating systems and databases... Special thanks to Zinho from
SecurityForge for auditing the source code. Thanks to mAtrix for
fixing the injection bugs and to all who participated in testing."
The announcement isn't dated, and their forums are currently down, and
they have other recent vuln's announced. So at this instant it's not
clear whether they're talking about these issues:
BUGTRAQ:20050511 [HSC Security Group] MaxWebPortal - Multiple SQL
injection/XSS
MISC:http://www.hackerscenter.com/archive/view.asp?id=2542
... or some other set of issues.
Can't find an email POC, either...
- Steve
More information about the VIM
mailing list