[VIM] MaxWebPortal acknowledgement - but for what?
security curmudgeon
jericho at attrition.org
Fri May 13 22:38:00 EDT 2005
: from http://www.maxwebportal.com/announcements.asp#48
:
: "MaxWebPortal Version 1.36
:
: MaxWebPortal Version 1.36 - Keeping MaxWebPortal Secure
:
: All security fixes have been thoroughly tested in all supported
: operating systems and databases... Special thanks to Zinho from
: SecurityForge for auditing the source code. Thanks to mAtrix for fixing
: the injection bugs and to all who participated in testing."
:
: The announcement isn't dated, and their forums are currently down, and
: they have other recent vuln's announced. So at this instant it's not
: clear whether they're talking about these issues:
:
: BUGTRAQ:20050511 [HSC Security Group] MaxWebPortal - Multiple SQL
: injection/XSS
: MISC:http://www.hackerscenter.com/archive/view.asp?id=2542
:
: ... or some other set of issues.
:
: Can't find an email POC, either...
SecurityTracker had another bunch of MaxWebPortal vulns.
Apr 27 = big batch of SQL injection
http://www.hackerscenter.com/archive/view.asp?id=2542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1417
May 11 = big batch of SQL injection
http://securitytracker.com/alerts/2005/May/1013932.html
Look to be all different scripts with little or no overlap?
More information about the VIM
mailing list