[29230] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

SimpleBBS 1.0.6 Default Permissions Vuln

daemon@ATHENA.MIT.EDU (flur)
Fri Mar 7 17:22:46 2003

Message-Id: <5.1.0.14.2.20030307163618.039184a8@mail.tht.net>
Date: Fri, 07 Mar 2003 16:39:54 -0500
To: bugtraq Security List <bugtraq@securityfocus.com>
From: flur <flur@flurnet.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

SimpleBBS 1.0.6 Security Problem:

User database stored in a php file that's readable by anyone.
http://www.tareget.com/simplebbs/users/users.php

Passwords are md5'ed, but user data is not.

The vendor was notified and has released updates.

____________________ __ _
~FluRDoInG                        flur@flurnet.org
                             http://www.flurnet.org
KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
1876 B762 F909 91EB 0C02  C06B 83FF E6C5 8C2C 37C4


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29230] in bugtraq

SimpleBBS 1.0.6 Default Permissions Vuln

daemon@ATHENA.MIT.EDU (flur)Fri Mar 7 17:22:46 2003

daemon@ATHENA.MIT.EDU (flur)
Fri Mar 7 17:22:46 2003