Date: Mon, 7 May 2012 18:40:41 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: CVE request: mybb before 1.6.7 According to release notes http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ five security issues have been fixed: SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team) SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team) SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer) XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team) Full Path Disclosure if malformed forumread cookie is used Please assign CVEs -- Hanno Böck mail/jabber: hanno@...eck.de GPG: BBB51E42 http://www.hboeck.de/ Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.