Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

phpbb2.0.19 fixes security issues

from [Paul Laudanski] Network Security [Permanent Link]
Subject: phpbb2.0.19 fixes security issues
Date: Fri, 30 Dec 2005 10:29:11 -0500 (EST) 
re: http://www.phpbb.com/phpBB/viewtopic.php?t=352966

[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode 
[Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are 
allowed and enabled 
[Sec] added configurable maximum login attempts to prevent dictionary attacks

Other fixes:

[Fix] corrected index on session keys table under MS SQL 
[Fix] added session keys table to backup 
[Fix] delete session keys entries when deleting user 
[Fix] changes to support MySQL 5.0 
[Fix] changes to some of the admin files to improve efficiency and remove a 
potential error condition when building the menu 
[Fix] change truncation of username length in usercp_register.php - BFUK 
[Fix] incorrect path to avatars in admin_users.php (Bug #667) 
[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - 
jarnaez 
[Fix] fixed captcha for those not having the zlib extension enabled 
[Change] Placed version information above who is online in admin panel for 
better visual presence 

-- 
Paul Laudanski, Microsoft MVP Windows-Security
[cal] http://events.castlecops.com
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • phpbb2.0.19 fixes security issues, Paul Laudanski <=
Previous by Date:  [Full-disclosure] rssh: root privilege escalation flaw, Derek Martin
Next by Date:  Secunia Research: TUGZip ARJ Archive Handling Buffer Overflow Vulnerability, Secunia Research
Previous by Thread:  [Full-disclosure] rssh: root privilege escalation flaw, Derek Martin
Next by Thread:  Secunia Research: TUGZip ARJ Archive Handling Buffer Overflow Vulnerability, Secunia Research
Indexes:  [Date] [Thread] [Top] [All Lists]