jaded writes:  

Hi everyone,

We want to announce the FREE public release of our new theme.This comes to you in time for spring. It is offered in two color schemes, both aqua and purple. This is geared more toward the women out there who use nuke although men may enjoy it as well. The theme will have a blank header section for you to customize. This comes with a blank footer as well for those of you who prefer that. It is a nice crisp theme called ShatteredGlass. This is not a TECH theme. It is compatible with nuke 6.0 to 7.0 not tested above but should work. Please be sure to read the read me file included with the theme.  Read More...

Yet another one. This appears to be limited to a person who is already an admin. Chatserv offers up a great fix, as usual! See this post .

Nukeum66 writes:  

Games II is a Flash Game module for PHP-Nuke 6.x or 7.x
Consists of 19 flash games from Miniclips.com and Neave.com.
Note: High scores are not saved ... Sorry!

Check it out here or Download it here

Changes:
Fixed several vulnerabilities in admin pages
Fixed sid checking code in admin/pagestart.php
Fixed injection vulnerabilities possible with the img bbcode tag
Limited allowed images in img bbcode tag to jpg, jpeg, gif and png
Fixed redirect problems - 2.0.7a
Fixed sql injection vulnerability in search - 2.0.7a
To view the files that need to be replaced to upgrade from BBtoNuke 2.0.7 to 2.0.8 or to make the changes manually go here, the only two files you won't be able to manually edit are pagestart.php and bbcode.php, the first one underwent changes only valid on PHP-Nuke and the second one was re-ported.
Download here. Read More...

SecurityFocus has reported about a vulnerability in admin.php that allows an attacker to create a superuser or modify existing ones, several solutions have been provided and i for one will check into them but in the meantime i offer adding to admin.php after the credits the following:

if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {
die("Illegal Operation");
}

Neither op should pass through the url anyway so my first choice is to block them, i will check into this issue tomorrow.

[Admin Note:] For those who use my Hacker Script, you can do this

if(stristr($_SERVER["QUERY_STRING"],'AddAuthor') || stristr($_SERVER["QUERY_STRING"],'UpdateAuthor')) {
$loc = $_SERVER['QUERY_STRING'];
header("Location: hackattempt.php?$loc");
die();
}

The phpBB Group recently updated version 2.0.7 to correct a flaw in search.php, the updated release has been dubbed phpBB 2.0.7a, this is the PHP-Nuke update to match that version.
If you already updated to BBtoNuke 2.0.7 or are using PHP-Nuke 7.2 then the only files you need to replace on your site are:
search.php
login.php
and the Private Messages module's index.php
Download here.