Re: Unauthorized access in Web Wiz Forum
bruce_at_webwizguide.info
Date: 11/04/03
- Previous message: Mandrake Linux Security Team: "MDKSA-2003:103 - Updated apache packages fix vulnerabilities"
- Maybe in reply to: Alexander Antipov: "Unauthorized access in Web Wiz Forum"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 Nov 2003 11:15:38 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <020a01c3a126$9b91aaf0$0bd3bdd5@pigkiller>
The following issue has been resolved with release 7.51 of Web Wiz Forums.
The updated version, 7.51, that has corrected this vulnerability can be downloaded from:-
http://www.webwizforums.com
>
>
>Unauthorized access in Web Wiz Forum
>
>A vulnerability has found in Web Wiz Forum (6.34, 7.01, 7.5). Remote user
>(authenticated or not) can read message in private forum. Remote user can
>post message in private forum.
>
>Software does not compare message to forum, when "quote" mode is used. In
>result, remote user (authenticated or not) can read and post message in
>private forum, to which he hasn't access.
>
>thanks to Tecklord, Pharaoh and other moderator of
>http://Forum.SecurityLab.ru
- Previous message: Mandrake Linux Security Team: "MDKSA-2003:103 - Updated apache packages fix vulnerabilities"
- Maybe in reply to: Alexander Antipov: "Unauthorized access in Web Wiz Forum"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
