[VIM] MaxWebPortal acknowledgement - but for what?

security curmudgeon jericho at attrition.org
Fri May 13 22:38:00 EDT 2005

: from http://www.maxwebportal.com/announcements.asp#48
: "MaxWebPortal Version 1.36
: MaxWebPortal Version 1.36 - Keeping MaxWebPortal Secure
: All security fixes have been thoroughly tested in all supported 
: operating systems and databases...  Special thanks to Zinho from 
: SecurityForge for auditing the source code.  Thanks to mAtrix for fixing 
: the injection bugs and to all who participated in testing."
: The announcement isn't dated, and their forums are currently down, and 
: they have other recent vuln's announced.  So at this instant it's not 
: clear whether they're talking about these issues:
:   BUGTRAQ:20050511 [HSC Security Group] MaxWebPortal - Multiple SQL
:                    injection/XSS
:   MISC:http://www.hackerscenter.com/archive/view.asp?id=2542
: ... or some other set of issues.
: Can't find an email POC, either...

SecurityTracker had another bunch of MaxWebPortal vulns.

Apr 27 = big batch of SQL injection

May 11 = big batch of SQL injection

Look to be all different scripts with little or no overlap?
