Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 May 2010 00:33:31 +0200
From: Hanno Böck <>
Cc: coley <>, Josh Bressers <>
Subject: CVE request: phpbb 3.0.7 and before 3.0.5

Please assign cve. Cite:
"Otherwise, it is possible for users to bypass permission settings under the 
following circumstances:

    * Feeds are enabled
    * Any of the posts or topics feeds are enabled
    * The unauthorised user - or one of the groups they are a member of - have 
forum permissions set on a private forum
    * If you have excluded a forum from the list of forums that provide feeds, 
it is unaffected"

Also, I think this phpbb 3.0.5 still has no cve (I requested that before 
# [Sec] Only use forum id supplied for posting if global announcement 
detected. (Reported by nickvergessen)

Hanno Böck		Blog:
GPG: 3DBD3B20		Jabber/Mail: - professional webhosting

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ