Author Topic: Security Vulnerabilities (Read 5724 times)

nls73m · « **on:** June 26, 2012, 03:45:00 PM »

This is a great project. Unfortunately, it suffers from many security vulnerabilities that have not been fixed nor patched. How does anyone expect to use this software in production? I have not been able to find any patches to any of the security issues.

sangahm · « **Reply #1 on:** June 26, 2012, 04:31:58 PM »

Can you list out the security vulnerabilities that you think need to be fixed?

nls73m · « **Reply #2 on:** June 26, 2012, 09:35:35 PM »

http://mibew.org/forums/index.php?topic=3332.0
https://github.com/inspirer/mibew/issues/8
http://packetstormsecurity.org/files/109242/Mibew-Messenger-1.6.4-Cross-Site-Scripting.html
http://www.cvedetails.com/vulnerability-list/vendor_id-11824/year-2012/opxss-1/Mibew.html
http://www.net-security.org/vuln.php?id=16124
http://www.securityfocus.com/bid/51723/exploit
http://www.codseq.it/advisories/mibew_messenger_multiple_xss
http://secunia.com/advisories/47787
http://forums.cnet.com/7726-6132_102-5268163.html
http://xforce.iss.net/xforce/xfdb/72822
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0829

TekNoWene · « **Reply #3 on:** December 07, 2012, 11:30:38 PM »

Looks like it is time for a newer version just to keep up with the security holes!

docboxer · « **Reply #4 on:** March 23, 2013, 06:47:45 PM »

I used this script on a hosting site and didn't know about the security issues. My site was turned into a phishing site twice. The last time was 2 days ago. I had to get my hosting provider to completely remove the site and domain name. Then set up a new account with a new domain name.

It is irresponsible of you to keep this script going and not fix the security issues.

News:

Author Topic: Security Vulnerabilities (Read 5724 times)

nls73m

Security Vulnerabilities

sangahm

Re: Security Vulnerabilities

nls73m

Re: Security Vulnerabilities

TekNoWene

Re: Security Vulnerabilities

docboxer

Re: Security Vulnerabilities