| | #1 |
| Lurker Join Date: Jun 2008
Posts: 1
| Hi all,

Can anyone help me make sense of this... I was researching forum software, and came across this website: National Vulnerability Database

Does anyone know what all this stuff below means, are these things that I should be concerned about? Almost every forum software is listed with numerous issues. Below are a few examples and just the first entry listed under each software. I'm new to all this, so my apologies if this was previously explored.

Also, does anyone know which software is "known" to be the most secure....which is the absolute worst?

Any information is greatly appreciated.

Mardi Gras Hugs to all!

VBulletin 1st entry:

Overview
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.

References to Advisories, Solutions, and Tools
External Source: XF (disclaimer)
Name: cauposhopclassic-saarticleid-sql-injection(43200)
Hyperlink: ISS X-Force Database: cauposhopclassic-saarticleid-sql-injection(43200): CaupoShop Classic saArticle[ID] SQL injection

PHPbb

Original release date: 5/28/2008
Last revised: 5/28/2008
Source: US-CERT/NIST

Overview
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 10.0 (High) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation, Allows unauthorized disclosure of information, Allows disruption of service

IPB

Original release date: 3/17/2008
Last revised: 3/18/2008
Source: US-CERT/NIST

Overview
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

Impact
CVSS Severity (version 2.0):
CVSS v2 Base score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Access Vector: Network exploitable, Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification |
| | |
| | #2 |
| Member | SQL injection - Wikipedia, the free encyclopedia
Remote file inclusion - Wikipedia, the free encyclopedia
Cross-site scripting - Wikipedia, the free encyclopedia
__________________ The Oldiesmann Compliance Manager / Marketing Team member |
| | |
