Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Mon May 31, 2010 6:04 am Reply with quote

I´m getting dozen of blocked e-mails daily from NukeSentinel.
So I `ll chance this behavior but I checked also my logs and found out there is an security issue with this calendar in Joomla.

Quote:
GET /*.php?option=com_gcalendar&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 403 1712 "-" "libwww-perl/5.831"


"GCalendar Suite 2.1.5 is vulnerable; other versions may also be affected. "

More information:
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
nuken
RavenNuke(tm) Development Team


Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

PostPosted: Mon May 31, 2010 7:09 am Reply with quote

I think that is a totally different project. It is a google calendar integration into joomla.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
Palbin
Site Admin


Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Mon May 31, 2010 8:46 am Reply with quote

I have checked and this does not affect us as far as I can tell. I couldn't find a controller or com_gcalendar variable.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
Susann
PostPosted: Mon May 31, 2010 12:42 pm Reply with quote

You are right. Doesn´t affect us directly but indirectly through NukeSentinel.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Thu Jun 03, 2010 12:33 pm Reply with quote

Susann wrote:
You are right. Doesn´t affect us directly but indirectly through NukeSentinel.

Yes, people are probably searching Google for "GCalendar" and then trying their luck not realising it's the wrong GCalendar
 
View user's profile Send private message Send e-mail
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©