Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

waraxe Advisory #33 released Wed Jun 23, 2004 12:07 am
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
oprime2001
Worker
Worker



Joined: Jun 04, 2004
Posts: 119
Location: Chicago IL USA
PostPosted: Wed Jun 23, 2004 8:47 pm Reply with quote
waraxe Advisory #33 Posted: Wed Jun 23, 2004 12:07 am

Quote:

Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are various security flaws - full path disclosure, xss, script injection and critical sql injection. Most of the bugs, dicussed in current advisory, are located in "Journal" module, and couple of full path disclosure bugs are in "Web_Links" and "Statistics" modules.


Original can be viewed here:
[ Only registered users can see links on this board! Get registered or login! ]

Patching tutorial:
[ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Wed Jun 23, 2004 8:57 pm Reply with quote
See my news item on the front page Smile
 
View user's profile Send private message
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico
PostPosted: Wed Jun 23, 2004 10:49 pm Reply with quote
Nuke Patched 2.5 takes care of the Web Links and Statistics modules issues but only of some of the vulnerabilities found in the Journal module, i would actually suggest disabling it for the time being.
 
View user's profile Send private message Visit poster's website
tix
Hangin' Around



Joined: Jun 05, 2004
Posts: 41
PostPosted: Thu Jun 24, 2004 9:50 am Reply with quote
Ok journal disabled Laughing Laughing
All others are ok
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©