oss-sec mailing list archives
CVE request: Four issues in PunBB
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 9 Dec 2008 13:52:15 +0100
Hi, From http://punbb.informer.com/ Fixed in 1.3.2: * an XSS vulnerability in login.php; * a possible SQL-injection in the the admin settings page with permission config values; * a possible SQL-injection in the the admin users page. Fixed in 1.3.1: * XSS vulnerability via topic subjects in moderate.php is fixed (reported by PHPLizardo). -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://www.jukss.de/ Jugemdumweltkongress, 27.12.-4.1.
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Four issues in PunBB Hanno Böck (Dec 09)
- Re: CVE request: Four issues in PunBB Steven M. Christey (Dec 16)