Re: ipb Css bug(now public)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: ipb Css bug(now public)
From: mattmecham@xxxxxxxxx
Date: 8 Aug 2005 13:12:39 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

While IPB < 1.3 *might* have been vulnerable, IPB 2.x definitely isn't as HTML 
files are saved with the mime-type "unknown/unknown" which prompts the user to 
download the file to their desktop making it totally safe.

Follow-Ups:
- Re: ipb Css bug(now public)
  - From: Nicolas Gregoire

Prev by Date: E107 + IPB XSS Exploit
Next by Date: iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability
Previous by thread: ipb Css bug(now public)
Next by thread: Re: ipb Css bug(now public)
Index(es):
- Date
- Thread