phpBB Updates

Rules, News, Announcements and so much more: We are here to inform you.

Moderators: macek, egami, gesf

User avatar
WiZARD
Moderator
Moderator
Posts: 1257
Joined: Thu Jun 20, 2002 10:14 pm
Location: Ukraine, Crimea, Simferopol
Contact:

phpBB Updates

Postby WiZARD » Fri Jul 08, 2005 12:18 am

PHPBB URL Tag BBCode.PHP Vulnerability

The phpbb vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script.

The bbcode [url] tag is not properly sanitized of user-supplied input. This could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.

PHPBB URL Tag BBCode.PHP Vulnerability

Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Published: May 09 2005 12:00AM
Updated: Jun 02 2005 08:09PM
Credit: Discovery of this issue is credited to Papados.
Vulnerable:
phpBB Group phpBB 2.0.14
phpBB Group phpBB 2.0.13
phpBB Group phpBB 2.0.12
phpBB Group phpBB 2.0.11
phpBB Group phpBB 2.0.10
phpBB Group phpBB 2.0.9
phpBB Group phpBB 2.0.8 a
phpBB Group phpBB 2.0.8
phpBB Group phpBB 2.0.7 a
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0 .0
phpBB Group phpBB 2.0 RC4
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC3
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC2
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 Beta 1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9

Not Vulnerable:
phpBB Group phpBB 2.0.15

from www.securityfocus.com

User avatar
gesf
Moderator
Moderator
Posts: 1717
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden
Contact:

Postby gesf » Fri Jul 08, 2005 3:54 am

Ops! What's this BBS version?
I like that CouCou box :D

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Postby Alexej Kubarev » Fri Jul 08, 2005 4:11 am

if you ment this forums version: always the latest :)

User avatar
gesf
Moderator
Moderator
Posts: 1717
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden
Contact:

Postby gesf » Fri Jul 08, 2005 4:18 am

:D

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Postby Alexej Kubarev » Fri Jul 08, 2005 5:47 am

gesf: we are not THAT stupid... not yet anyways... oh well.. not that we know..
hehe..


Return to “News and Announcements”

Who is online

Users browsing this forum: No registered users and 1 guest