Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Announcements
 Announcements: Security Related Bug Fixes
 new security fix, members.asp
 New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 23 November 2010 :  09:10:51  Show Profile  Send ruirib a Yahoo! Message
Members.asp has a security vulnerability on Snitz 3.4.07 (3.4.06 is also affected).

To fix the vulnerability, around line#85

where you can find this:

SearchNameDisplay = SearchName



Please change it to this:

SearchNameDisplay = Server.HTMLEncode(SearchName)



As I said, 3.4.06 has the same vulnerability, same line number and the fix is the same. Versions previous to 3.4.06 are not affected.

Please post on the General / Current version forum for any help with this issue.

The Snitz download from sourceforge has been updated with this and all previous security fixes. If you download the new version, in the meantime, please check members.asp to be sure the fix is there, as changes do take some time to propagate, at times.


Snitz 3.4 Readme | Like the support? Support Snitz too
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.06 seconds. Powered By: Snitz Forums 2000 Version 3.4.07