Bugtraq mailing list archives
EXEC exploit in phpBB - new release
From: "Paul S. Owen" <paul0x01 () starstreak net>
Date: Thu, 18 Nov 2004 23:43:44 -0000
With reference to the exec exploit in phpBB. A new release, phpBB 2.0.11 is now available (in all usual forms) from our site, www.phpbb.com. For those users not wishing to upgrade we strongly urge (again) you at least implement the fix posted previously to bugtraq (see http://www.phpbb.com/phpBB/viewtopic.php?t=240513). Again, may I urge all those who discover exploits in any application, inform the authors first. If you (and indeed the authors) find no way to take advantage of the exploit, and subsequently do discover a method, again inform the authors. At www.phpbb.com we maintain a security tracker (www.phpbb.com/security/) which gives both private (for as yet undisclosed issues) and public (for fixed or invalid issues) access to note issues with our software. Please use it! psoTFX, phpbb.com
Current thread:
- EXEC exploit in phpBB - new release Paul S. Owen (Nov 19)