oss-sec mailing list archives
CVE request: phpbb 3.0.7 and before 3.0.5
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 17 May 2010 00:33:31 +0200
http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195

Please assign cve.

Cite:
"Otherwise, it is possible for users to bypass permission settings under the following circumstances:

* Feeds are enabled
* Any of the posts or topics feeds are enabled
* The unauthorised user - or one of the groups they are a member of - have forum permissions set on a private forum
* If you have excluded a forum from the list of forums that provide feeds, it is unaffected"

Also, I think this phpbb 3.0.5 still has no cve (I requested that before here):
http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445

# [Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)

--
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber/Mail: hanno () hboeck de

http://schokokeks.org - professional webhosting