Jump to content


Welcome to DevFuse Forums


Sign In  Log in with Facebook

Create Account
Welcome to DevFuse Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of DevFuse Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
 
Guest Message by DevFuse

(View All Products)Featured Products

  • Donations


    Help fund your forum with donations, setup goals and track member donations. Offer rewards for members donating.
  • Timeslips


    Have your members submit their race times and share with others.
  • Videos


    Allows your members to submit their own videos for community viewing. Support is included for all the major video sites.
  • Forms


    Build your own forms for your members without coding experience. Support included for pm, email and topics.
  • Collections


    Build a community database of items for your members. Full features custom fields included.

Photo

IP.Board 2.2.x Security Update


  • Please log in to reply
No replies to this topic

#1 Michael

Michael

    Management

  • Management
  • 3,524 posts
  • Gender:Male
  • IP.Board Version:IPB 3.4.x

Posted 11 June 2007 - 02:42 PM

We have been notified that a vulnerability exists in the profile updating functions of IP.Board 2.2.0 - IP.Board 2.2.2.

Although the vulnerability cannot change any authentication credentials such as the email address or password and the vulnerability cannot be used to craft XSS (cross site scripting) attacks it can be used to cause a nuisance by updating another user's AIM name, Yahoo! identity, et. cetera.

The update (attached) is a single file update to "sources/action_public/xmlout.php". Manual patch instructions are also supplied.

The main download zip has been updated at the time of this announcement.

We would like to thank "iMMENSE" for bringing this to our attention.

Patch File:
http://forums.invisi...?...st&id=11699

Manual Patch Instructions (for power users):
http://forums.invisi...?...st&id=11700

Source: Click Here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users