[VIM] WoltLab security question

security curmudgeon jericho at attrition.org
Wed May 11 02:40:56 EDT 2005

I am trying to ascertain if a recent security posting is the same issue 
listed on various security sites.


   04-19-2005 06:45pm
   Security Update for Burning Board 2 and Burning Board Lite released

   Today we have been notified about a possible security hole in all
   Burning Board and Burning Board Lite versions. We have fixed the problem
   and provide you the update files for versions 2.0.3, 2.1.5, 2.2.1 and
   2.3.1 in the members area. The download of the fixed Burning Board Lite
   version can be found in Products -> Burning Board Lite.

Checking the CVE project (http://cve.mitre.org) and OSVDB 
(http://osvdb.org), the following vulnerabilities are listed in the rough 
time frame:

15907 WoltLab Burning Board pms.php folderid Variable XSS
Apr 24, 2005

15807 WoltLab Burning Board thread.php hilight Variable XSS
Apr 22, 2005

14356 WoltLab Burning Board session.php Multiple Parameter SQL Injection
Mar 3, 2005

The date of the posting above puts it between the session.php and 
thread.php issues. Can you please verify if the posting above relates to 
one of these two issues, the date is incorrect and it pertains to another 
issue afterwards, or if it is an entirely different vulnerability?


Brian Martin

More information about the VIM mailing list