General > General Discussion

Security Vulnerabilities

(1/2) > >>

nls73m:
This is a great project. Unfortunately, it suffers from many security vulnerabilities that have not been fixed nor patched. How does anyone expect to use this software in production? I have not been able to find any patches to any of the security issues.  :'(

sangahm:
Can you list out the security vulnerabilities that you think need to be fixed?

nls73m:
http://mibew.org/forums/index.php?topic=3332.0
https://github.com/inspirer/mibew/issues/8
http://packetstormsecurity.org/files/109242/Mibew-Messenger-1.6.4-Cross-Site-Scripting.html
http://www.cvedetails.com/vulnerability-list/vendor_id-11824/year-2012/opxss-1/Mibew.html
http://www.net-security.org/vuln.php?id=16124
http://www.securityfocus.com/bid/51723/exploit
http://www.codseq.it/advisories/mibew_messenger_multiple_xss
http://secunia.com/advisories/47787
http://forums.cnet.com/7726-6132_102-5268163.html
http://xforce.iss.net/xforce/xfdb/72822
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0829

TekNoWene:
Looks like it is time for a newer version just to keep up with the security holes!

docboxer:
I used this script on a hosting site and didn't know about the security issues. My site was turned into a phishing site twice.  The last time was 2 days ago. I had to get my hosting provider to completely remove the site and domain name. Then set up a new account with a new domain name.

It is irresponsible of  you to keep this script going and not fix the security issues.

Navigation

[0] Message Index

[#] Next page

Go to full version