[CentOS] Off-Topic Mambo Vulnerabilities & Patches

Jim Smith jim_smith2006 at yahoo.com
Tue Feb 28 14:12:02 UTC 2006


This has been assigned CVE-2006-0871 on
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0871 

http://secunia.com/advisories/18935/ has some interesting details and
the requirement for "magic_quotes_gpc" is disabled for the Mambo SQL
Injection and File Inclusion Vulnerabilities.

While Mambo and VBulletin do suffer from vulnerabilities (probably
once per year), they have a better security record than phpbb/phpnuke,
which have vulnerabilities/incidents up to 4 times per year. Some
hosts ban phpbb from their servers.
