[UseBB-Announce] UseBB 1.0.6 released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

The UseBB Team is happy to announce version 1.0.6 of the light and Open 
Source PHP/MySQL bulletin board package "UseBB".

Version 1.0.6 is a minor security and bug fix release. Changes include 
but are not limited to:
- fixed a full path disclosure vulnerability;
- fixed a bug that posed problems when setting certain time zones;
- fixed more bugs in the SQL Toolbox and ACP Modules panes of the ACP.

Upgrading is highly recommended. Visit http://www.usebb.net/downloads/ 
for downloads. Information about upgrading is available in the 
docs/index.html document.

The discovered security vulnerability (full path disclosure) only occurs 
on PHP setups with register_globals enabled and certain GET or POST 
variables passed to the system, resulting into an error containing the 
script's full path on the web server. This vulnerability itself cannot 
be exploited directly, but the disclosed information may be abused by 
people with system access.

Thanks to Jesper Jurcenoks of netVigilance, Inc. for reporting this. 
Their security advisory can be found at 
http://www.netvigilance.com/advisory0016.

-- 
Regards,
Dietrich Moerman
UseBB Project Manager
http://www.usebb.net

[UseBB-Announce] UseBB 1.0.6 released

Light and Free PHP Forum Software

[UseBB-Announce] UseBB 1.0.6 released