According to http://simplemachines.org/community/?topic=509417#msg3592194
Simple Machines Forum <= 2.0.5 (but > 1.1.*) is vulnerable to one or more (currently undocumented) security issues. The changes between v2.0.4 and 2.0.5 can be reviewed at http://custom.simplemachines.org/upgrades/index.php?action=upgrade;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4 This is just a heads up, I haven't tried to look into those in detail. CVE folks: If you'll handle this, please also check the last ones: http://simplemachines.org/community/?topic=496403.0 http://osvdb.org/show/osvdb/92745 http://osvdb.org/show/osvdb/88909 Moritz -- Naumann IT Security Consulting Samariterstr. 16 10247 Berlin Germany _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
