[VIM] Re: WoltLab security question (fwd)
security curmudgeon
jericho at attrition.org
Tue May 17 15:11:54 EDT 2005
---------- Forwarded message ----------
From: WoltLab GmbH Team <woltlab at woltlab.org>
To: security curmudgeon <jericho at attrition.org>
Date: Tue, 17 May 2005 16:39:53 +0200
Subject: Re: WoltLab security question
Dear security curmudgeon,
all vulnerabilities are fixed in our new version 2.3.2:
http://www.woltlab.de/news/405_en.php
> I am trying to ascertain if a recent security posting is the same issue
> listed on various security sites.
> http://www.woltlab.com/news/399_en.php
> 04-19-2005 06:45pm
> Security Update for Burning Board 2 and Burning Board Lite released
> Today we have been notified about a possible security hole in all
> Burning Board and Burning Board Lite versions. We have fixed the problem
> and provide you the update files for versions 2.0.3, 2.1.5, 2.2.1 and
> 2.3.1 in the members area. The download of the fixed Burning Board Lite
> version can be found in Products -> Burning Board Lite.
> Checking the CVE project (http://cve.mitre.org) and OSVDB
> (http://osvdb.org), the following vulnerabilities are listed in the rough
> time frame:
> 15907 WoltLab Burning Board pms.php folderid Variable XSS
> Apr 24, 2005
> 15807 WoltLab Burning Board thread.php hilight Variable XSS
> Apr 22, 2005
> 14356 WoltLab Burning Board session.php Multiple Parameter SQL Injection
> Mar 3, 2005
> The date of the posting above puts it between the session.php and
> thread.php issues. Can you please verify if the posting above relates to
> one of these two issues, the date is incorrect and it pertains to another
> issue afterwards, or if it is an entirely different vulnerability?
> Thanks!
> Brian Martin
> OSVDB.org
Thank you for using Burning Board,
The WoltLab GmbH Team