1
eric235u
TeamSpeak Vulnerability
  • 2007/4/17 10:50

  • eric235u

  • Not too shy to talk

  • Posts: 149

  • Since: 2004/12/19


hi all. i just happened to visit securityfocus this morning and saw this. i don't know anything else about it but thought it best to mention it in the forum. hope it's useful.

XOOPS TeamSpeak Display Module TSDisplay4xoops_block2.PHP Remote File Include Vulnerability
Bugtraq ID: 23518
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 16 2007 12:00AM
Updated: Apr 17 2007 03:31AM
Credit: GolD_M is credited with the discovery of this vulnerability.
Vulnerable: tsdisplay4xoops tsdisplay4xoops 0.1
tsdisplay4xoops tsdisplay4xoops 0.08

from:
http://www.securityfocus.com/bid/23518/info

2
davidl2
Re: TeamSpeak Vulnerability
  • 2007/4/17 10:57

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


Is the version mentioned different to eh one by talunceford?

I notice the homesite they list for this module is: this

3
davidl2
Re: TeamSpeak Vulnerability
  • 2007/4/17 11:03

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


If a French speaker can advise the author - his site is here:

http://kisskool30.free.fr/

Thanks

4
kisskool
Re: TeamSpeak Vulnerability
  • 2007/4/20 12:31

  • kisskool

  • Just popping in

  • Posts: 3

  • Since: 2005/2/1 7


Hi,

I'm the french author for this XOOPS portage of Teamspeak Display from mrguide (sorry for my english ^^').

I read you're message and sorry for the inconvenience of security, i'm not a guru in php .

What can i do to fix this problem ?

Thanks for you're information.

For information, i doesn't work any more in this module, but i hope to have time to finish this module little later.

5
kisskool
Re: TeamSpeak Vulnerability
  • 2007/4/20 21:53

  • kisskool

  • Just popping in

  • Posts: 3

  • Since: 2005/2/1 7


Hi,

I delete the archive in my site 0.08, i delete the block we have the security problem, because is not use by the module.

I work to prupose a version without security problem soon. (I did'nt know this module it be used by somebody).

I don't understand how this module his reported to have a security problem, because i doesn't publish any version to product site, finally is better, i can take a moment to work on this, and learn "how to create a module without security problem" ^^.

If you have a security tutorial for newbie (like me) for xoops, i'll be very happy.

Thanks again.

6
Dave_L
Re: TeamSpeak Vulnerability
  • 2007/4/20 22:41

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


This isn't XOOPS-specific, but I recently came across this site: Open Web Application Security Project (OWASP).

and found an old post here that references it: https://xoops.org/modules/newbb/viewtopic.php?topic_id=16690

7
kisskool
Re: TeamSpeak Vulnerability
  • 2007/4/21 7:39

  • kisskool

  • Just popping in

  • Posts: 3

  • Since: 2005/2/1 7


I take the document, and website.

Thanks for info.

Login

Who's Online

323 user(s) are online (275 user(s) are browsing Support Forums)


Members: 0


Guests: 323


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits