[VIM] MaxWebPortal acknowledgement - but for what?
jericho at attrition.org
Fri May 13 22:38:00 EDT 2005
: from http://www.maxwebportal.com/announcements.asp#48
: "MaxWebPortal Version 1.36
: MaxWebPortal Version 1.36 - Keeping MaxWebPortal Secure
: All security fixes have been thoroughly tested in all supported
: operating systems and databases... Special thanks to Zinho from
: SecurityForge for auditing the source code. Thanks to mAtrix for fixing
: the injection bugs and to all who participated in testing."
: The announcement isn't dated, and their forums are currently down, and
: they have other recent vuln's announced. So at this instant it's not
: clear whether they're talking about these issues:
: BUGTRAQ:20050511 [HSC Security Group] MaxWebPortal - Multiple SQL
: ... or some other set of issues.
: Can't find an email POC, either...
SecurityTracker had another bunch of MaxWebPortal vulns.
Apr 27 = big batch of SQL injection
May 11 = big batch of SQL injection
Look to be all different scripts with little or no overlap?
More information about the VIM