| Search | Statistics | User Listing | Forums | Calendars | Albums | Quotes | Skins |
| PD9 Software Forums -> MegaBBS -> MegaBBS General Discussion -> View Thread |
|
| You are logged in as a guest. ( logon | register ) |
| Random quote: "I might have some smarts, but I'm no rocket surgeon!" -Mark Diamond - (Added by: shadez) |
 MegaBBS 2.1 updates[Frozen] Moderators: Support Team Jump to page : 1 Now viewing page 1 [25 messages per page] | View previous thread :: View next thread |
 MegaBBS -> MegaBBS General Discussion | Message format |
Matt |
| ||
MegaBBS Author      Location: Fort Wayne, IN | To be automatically notified of updates to the system, consider subscribing to this thread. You should apply this patch to prevent a possible security exploit that was discovered by one of our users, Arlie Davis. We are very thankful that this was brought to our attention. PD9 Software takes security very seriously and we will always bring updates such as this to your attention as soon as they are discovered. Although MegaBBS has historically not been subject to security updates, as with any applications, no code is perfect. Please periodoically check back with pd9soft.com for updates such as this Versions affected: MegaBBS 2.0, 2.1 MegaBBS 1.x installations are unaffected Files affected: /admin/userlevelmembers-edit.asp /admin/edit-groups.asp Type of exploit: Userlevel escalation Installation: Download the attached files and overwrite your existing files. No further changes are required /admin/userlevelmembers-edit.asp /admin/edit-groups.asp These updates have been included in the main download available from the website as of Feb 16 2004. If you are unsure whether you have this patch, it will not hurt to double-apply. Made modifications to your files? Try the ExamDiff application to see what's new http://www.prestosoft.com/ps.asp?page=edp_examdiff Attachments ----------------  edit-groups.asp (8KB - 6080 downloads) userlevelmembers-edit.asp (8KB - 6450 downloads) | ||
| |||
| Matt |
| ||
MegaBBS Author Location: Fort Wayne, IN | Fixes the "Editing a post causes attachments to disappear" bug. Fixes the "Newest messages on top" option for flat mode viewing. /includes/include-forum.asp Attachments ---------------- include-forums.zip (15KB - 5225 downloads) | ||
| |||
| Matt |
| ||
MegaBBS Author Location: Fort Wayne, IN | This is another important security update that was brought to my attention early this morning by Jayson from hypercubed.com . You should apply this update if you are running any version of MegaBBS 2.x. This fixes a possible vulnerability that could allow a user to abuse the impersonation system. Made modifications to your files? Try the ExamDiff application to see what's new http://www.prestosoft.com/ps.asp?page=edp_examdiff Attachments ---------------- include.zip (22KB - 5147 downloads) | ||
| |||
| Matt |
| ||
MegaBBS Author Location: Fort Wayne, IN | This attached file should help fix the problem with the Administrator account being mysteriously removed as an administrator. This wasn't limited to only the Administrator account, but that was the most visible symptom. Attachments ---------------- edit-groups.asp (8KB - 4793 downloads) | ||
| |||
| Matt |
| ||
MegaBBS Author Location: Fort Wayne, IN | Two updates: 1. Fixed an HTTP response splitting attack in thread-post.asp 2. Some enhancements to the javascript filters in includes.asp (mbbsdecode) Attachments ---------------- updates.zip (26KB - 3856 downloads) | ||
| |||
| Blair |
| ||
 Posts: 1266  Location: Christchurch, New Zealand | |||
| |||
| Matt |
| ||
MegaBBS Author Location: Fort Wayne, IN | Hi, it's been a while since the last update here. However a recent security audit has turned up a possible vulnerability in /forum/statistics/user-listing.asp The attached file should be applied to any 2.x system. While I believe this vulnerability extends only users running on MS-SQL databases, all users including those running Access databases should patch their systems. To apply this fix, download the attached ZIP file and overwrite your /forum/statistics/user-listing.asp with the included user-listing.asp page. This fix is included standard in the main download as of the afternoon of Sep 19 2005 To subscribe to this thread and receive e-mail notifications of all future updates, logon or register for an account, and click on the link at the bottom right "Toggle e-mail notification". All important 2.0, 2.1 updates will be posted here! Any future 2.2 updates will be posted in a different thread. Attachments ---------------- user-listing.zip (2KB - 2450 downloads) | ||
| |||
| Matt |
| ||
MegaBBS Author Location: Fort Wayne, IN | A bug in the send-private-message funcationality has been discovered that may disclose other members private messages. Credits to Hamid Ebadi for the notification (Hamid Network Security Team) This fix is included standard in the main download as of the afternoon of Jan 07 2006 To subscribe to this thread and receive e-mail notifications of all future updates, logon or register for an account, and click on the link at the bottom right "Toggle e-mail notification". All important 2.0, 2.1 updates will be posted here! Any future 2.2 updates will be posted in a different thread. Attachments ---------------- send-private-message.zip (1KB - 4095 downloads) | ||
| |||
| Jump to page : 1 Now viewing page 1 [25 messages per page] | |
| Search this forum Printer friendly version E-mail a link to this thread |
| (Delete all cookies set by this site) | |
| Running MegaBBS ASP Forum Software © 2002-2010 PD9 Software | |
