Security holes in Powerboard forum

From: frog frog (leseulfrog@hotmail.com)
Date: 04/09/02 

Date: 9 Apr 2002 10:10:43 -0000
From: frog frog <leseulfrog@hotmail.com>
To: vuln-dev@securityfocus.com
('binary' encoding is not supported, stored as-is)

Product :
Powerboards
http://powerboards.sourceforge.net/

Versions :
2.2b (and less ?)

Problems :
- Cross Site Scripting
- Path disclosure
- Access to the administration
- Access to users accounts without password
- Recovery of admins/users passwords
- Suppression of messages
- Writing on the hard disk

More details :
in french :
http://www.ifrance.com/kitetoua/tuto/powerboards.txt

translated by Google :
http://translate.google.com/translate?u=http%3A%
2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2Fpowerboards.txt&langpair=fr%7Cen&hl=fr&prev=%
2Flanguage_tools

frog-m@n

Relevant Pages

  • Re: OT-Transparency in Action
    ... goals of his administration and he has delivered. ... Recovery and Reinvestment Plan money is going to be spent. ...
    (rec.outdoors.rv-travel)
  • Re: Storage Group
    ... Other than administration, you may want to consider Disaster Recovery. ... Students could wait a day or two, then you may want to have seperate storage ... groups - as this would minimise the size of the SG for the Faculty and you ...
    (microsoft.public.exchange.admin)
  • Re: Frage bzgl. Audio CDs, die Rootkits installieren
    ... er mir sein Kennwort nicht gibt" war Recovery :-) ... Personen-Accounts - und wenn die Administration diese Abstraktion ...
    (de.soc.recht.datennetze)
Quantcast