SimpleBBS 1.0.6 Default Permissions Vuln

From: flur (flurat_private)
Date: Fri Mar 07 2003 - 13:39:54 PST

    SimpleBBS 1.0.6 Security Problem:
    
    User database stored in a php file that's readable by anyone.
    http://www.tareget.com/simplebbs/users/users.php
    
    Passwords are md5'ed, but user data is not.
    
    The vendor was notified and has released updates.
    
    
    
    ____________________ __ _
    ~FluRDoInG                        flurat_private
                                 http://www.flurnet.org
    KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
    1876 B762 F909 91EB 0C02  C06B 83FF E6C5 8C2C 37C4
    



    This archive was generated by hypermail 2b30 : Fri Mar 07 2003 - 14:19:37 PST