UseBB 1.0.6 released

Submitted by Anonymous on Thu, 04/12/2007 - 14:01
Written by Dietrich

The UseBB Team is happy to announce version 1.0.6 of the light and Open Source PHP/MySQL bulletin board package "UseBB".

Version 1.0.6 is a minor security and bug fix release. Changes include but are not limited to:
- fixed a full path disclosure vulnerability;
- fixed a bug that posed problems when setting certain time zones;
- fixed more bugs in the SQL Toolbox and ACP Modules panes of the ACP.

Upgrading is highly recommended. Visit http://www.usebb.net/downloads/ for downloads. Information about upgrading is available in the docs/index.html document.

The discovered security vulnerability (full path disclosure) occurs only on PHP setups with register_globals enabled, when certain GET or POST variables are passed to the system, resulting in an error that contains the script's full path on the web server. The vulnerability cannot be exploited directly, but the disclosed information may be abused by people with system access.

Thanks to Jesper Jurcenoks of netVigilance, Inc. for reporting this. Their security advisory can be found at http://www.netvigilance.com/advisory0016.
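A post-upgrade check for the kind of leak described above, as an added example (not UseBB or netVigilance code): it scans a response body for PHP's standard error format carrying an absolute path, and flags php.ini settings that make such output reachable. The function names, the sample responses and the display_errors check are assumptions introduced here; the announcement itself names only register_globals.

```python
import re

# PHP's default error format, with or without html_errors markup:
#   <b>Warning</b>:  message in <b>/abs/path/file.php</b> on line <b>12</b>
PHP_ERROR = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s+"
    r"(?P<msg>[^\r\n]*?)\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<\r\n]*?)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)"
)

def find_path_disclosures(body):
    """Return (level, path, line) for each PHP error exposing an absolute path."""
    return [(m["level"], m["path"], int(m["line"])) for m in PHP_ERROR.finditer(body)]

def risky_ini_settings(ini_text):
    """Return the php.ini directives, from the two checked, that are switched on.

    Simplified reading of php.ini: 'key = value' lines, ';' comments,
    last assignment wins.
    """
    enabled = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop php.ini comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        enabled[key.lower()] = value.strip('"').lower() in ("1", "on", "true", "yes")
    return [k for k in ("register_globals", "display_errors") if enabled.get(k)]

# Constructed samples (not captured from a real UseBB installation).
SAMPLE_HTML = ('<br />\n<b>Warning</b>:  Invalid argument supplied for foreach() in '
               '<b>/home/example/public_html/forum/index.php</b> on line <b>42</b><br />')
SAMPLE_TEXT = "Notice: Undefined index: id in C:\\inetpub\\forum\\index.php on line 7"
SAMPLE_CLEAN = "<p>Warning: this topic is locked. Posted in General on line one.</p>"
SAMPLE_INI = "register_globals = On ; legacy setting\ndisplay_errors = On\nlog_errors = On\n"

if __name__ == "__main__":
    for name, body in (("html", SAMPLE_HTML), ("text", SAMPLE_TEXT), ("clean", SAMPLE_CLEAN)):
        print(name, find_path_disclosures(body))
    print("risky php.ini settings:", risky_ini_settings(SAMPLE_INI))
```

An empty result from both functions on a production host means error output is not reaching visitors; errors should still be recorded server-side with log_errors.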

Well done, thanks Dietrich.

Now if I can only download it, seems SF is down.

Works here, perhaps you should choose a different download mirror?

All I get is Failure To Connect To Web Server, even SF logo image here doesn't load.

I guess it must be something local. Perhaps it has been solved now?

Got it, worked all of a sudden.

Gil Berger

Fri, 04/27/2007 - 19:01

Good Luck!

Good Luck! With 2.0

Nice boards, I see. I will translate the package to Lithuanian.