Possible security leak in ibrowser and imanager for tinyeditor [Module troubleshooting]

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

Possible security leak in ibrowser and imanager for tinyeditor

2007/1/16 20:42
frankblack
Just can't stay away
Posts: 830
Since: 2005/6/13

A user reported a possible vulnerability in ibrowser and imanager through the use of phpThumb. The phpThumb version used in these plugin were a bit older, but much younger than the latest security report on phpThumb. imanager and ibrowser are now using phpThumb 1.76.

For those already using ibrowser or imanager: just remove the old folder phpThumb within imanager or ibrowser (with subfolders) and upload the new one.

I wasn't able to reproduce the bug and did not found new security leaks, but I wanted to be sure, so this is why I was taken action.

Don't forget to set chmods as described in the documentation.

phpThumb patch can be found HERE

Repacked ibrowser can be found HERE

Repacked imanager can be found HERE

Sorry for the inconvenience!

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

Possible security leak in ibrowser and imanager for tinyeditor

Login

Search

Recent Posts

Re: Privacy

Privacy

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}