Top 10 Open Source Forums – 12 Months of Vulnerabilities
A friend of mine asked me to recommend a secure open source PHP bulletin board (forum). Having worked with phpBB in the past, I remembered the large number of phpBB security vulnerabilities that were reported every few months. I decided to take a look at today’s top 10 bulletin boards and see how many security vulnerabilities Secunia has published for each in the last 12 months.
For my test I chose:
phpBB
YaBB
bbPress
Beehive
deluxeBB
iceBB
MyBB
Phorum
PunBB
The results show that phpBB and MyBB still rule in the game of security vulnerabilities with 13 each (averaging one each month!), whilst bbPress and Beehive had no publicly disclosed vulnerabilities.
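Vulnerabilities disclosed during May 2006 – May 2007

| No. | Bulletin Board | # Vulnerabilities |
|-----|----------------|-------------------|
| 1   | bbPress        | 0                 |
| 2   | Beehive        | 0                 |
| 3   | IceBB          | 1                 |
| 4   | QuickSilver    | 1                 |
| 5   | YaBB           | 2                 |
| 6   | PunBB          | 3                 |
| 7   | Phorum         | 4                 |
| 8   | DeluxeBB       | 7                 |
| 9   | phpBB          | 13                |
| 10  | MyBB           | 13                |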
I know that the more attention an application gets, the more prone it is to being picked on for vulnerabilities. I will watch the comments on this top 10, but right now I would go for bbPress or Beehive.
Here are the complete results:
bbPress: 0

Beehive: 0

IceBB: 1
1. IceBB Avatar SQL Injection and PHP Code Execution (2007-03-27)

QuickSilver: 1
1. Quicksilver Forums “set[include_path]” File Inclusion Vulnerability (2006-09-14)

YaBB: 2
1. SuperMod “sourcedir” File Inclusion Vulnerabilities (2006-10-16)
2. YaBB SE “user” SQL Injection Vulnerability (2006-06-23)

PunBB: 3
1. PunBB “referer” and Category Name Vulnerabilities (2007-04-12)
2. PunBB “language” Parameter Local File Inclusion (2006-10-31)
3. PunBB “redirect_url” Cross-Site Scripting Vulnerability (2006-05-05)

Phorum: 4
1. Phorum Multiple Vulnerabilities (2007-04-20)
2. Phorum “admin.php” Cross-Site Scripting Vulnerability (2007-03-06)
3. Phorum Cross-Site Scripting and Local File Inclusion (2006-07-14)
4. Phorum Cross-Site Scripting Vulnerability (2006-06-27)

DeluxeBB: 7
1. DeluxeBB “templatefolder” File Inclusion Vulnerability (2006-10-02)
2. DeluxeBB pm.php Authentication Bypass Vulnerability (2006-08-08)
3. DeluxeBB Multiple Vulnerabilities (2006-07-19)
4. DeluxeBB Cross-Site Scripting and SQL Injection (2006-06-26)
5. DeluxeBB SQL Injection and File Inclusion Vulnerabilities (2006-06-14)
6. DeluxeBB Multiple File Extensions File Upload Vulnerability (2006-05-17)
7. DeluxeBB “name” SQL Injection Vulnerability (2006-05-16)

phpBB: 13
1. phpBB Tweaked “phpbb_root_path” File Inclusion (2007-02-01)
2. Virtual Path for phpBB “phpbb_root_path” File Inclusion (2007-01-26)
3. phpBB privmsg.php Cross-Site Request Forgery and Cross-Site Scripting (2006-12-08)
4. Fully Modded phpBB Multiple File Inclusion Vulnerabilities (2006-10-24)
5. phpBB PlusXL “phpbb_root_path” File Inclusion Vulnerability (2006-10-16)
6. phpBB Archive for Search Engines “phpbb_root_path” File Inclusion (2006-10-16)
7. Dimension of phpBB “phpbb_root_path” File [...]
Read more at Dragos Lungu Dot Com | Security Notes And Tools


