Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 11 Oct 2010 15:28:51 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE request: usebb before 1.0.11 unauthorized
 access to content

----- "Hanno Böck" <> wrote:

> A security issue has been discovered in UseBB 1.0.10 with per forum and
> topic RSS feeds in combination with restricted forum access permissions,
> giving users access to post contents that should remain hidden. Anyone
> having a restricted "read" permission set but NOT an equal or more
> restricted "view" one is prone to this issue.

Here is a slightly better description here:

Please use CVE-2010-3713 for this.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ