Package: phpbb2
Tags: security
Severity: grave

A new round of security issues in phpBB has been disclosed.

| After these weaknesses were found and disclosed to the vendor 
| nearly 80 days ago, several problems with uninitialised variables 
| were discovered that allow XSS, SQL injection and even remote 
| execution of arbitrary PHP code, when phpBB is used with 
| register_globals turned on.

<http://www.hardened-php.net/advisory_172005.75.html>

Vendor advisory: <http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756>
(This contains a lot of additional fixes; it's not clear which ones are
security-relevant.)

