Xoops Security Issues [Xoops Bug Reports] - XOOPS Web Application System

1

Xoops Security Issues

2005/6/25 3:29
jamesbond420
Just popping in
Posts: 6
Since: 2005/6/21

Is there a way to contact the XOOPS developers in regards to security issues?

2

Re: Xoops Security Issues

2005/6/25 3:47
jdseymour
Friend of XOOPS
Posts: 3782
Since: 2004/11/11

I will confirm procedures for this in the morning when Herko and Mith are online. For now if it is urgent contact one of them directly.

I will see if we can set up some kind of secure reporting structure.

Proactive Support for Sites and Servers

WebServerMasters.com | XOOPS Tutorials

3

Re: Xoops Security Issues

2005/6/25 4:11
jamesbond420
Just popping in
Posts: 6
Since: 2005/6/21

Well, the issues are fairly serious as it is highly exploitable sql injection in core xoops. My email address is security a|t gulftech d|o|t org

Thanks :)

4

Re: Xoops Security Issues

2005/6/25 6:10
Anonymous
Posts: 0
Since:

please, share this information for all

not in private

5

Re: Xoops Security Issues

2005/6/25 7:57
kgmetcalfe
Just popping in
Posts: 95
Since: 2005/3/24

no i dont think so... keep it inside away from the likes of you ... that wont use your real name.

come out of the darkness and be recognized. that is if you have the guts...

6

Re: Xoops Security Issues

2005/6/25 8:05
Herko
XOOPS is my life!
Posts: 4238
Since: 2002/2/4 1

Quote:

jamesbond420 wrote:
Well, the issues are fairly serious as it is highly exploitable sql injection in core xoops. My email address is security a|t gulftech d|o|t org

Thanks :)

Can you send the information you have on this to security|at|xoops|dot|org ? That way we can deal with it as quick as possible! And thanks for the heads up!

Herko

7

Re: Xoops Security Issues

2005/6/26 14:24
jamesbond420
Just popping in
Posts: 6
Since: 2005/6/21

All issues have been reported to Jan Pedersen :) Have you guys considered adding yourselves to this list?

http://www.osvdb.org/vendor_dict.php

Would make finding contact info alot easier :)

8

Re: Xoops Security Issues

2005/6/26 14:31
Mithrandir
XOOPS is my life!
Posts: 6320
Since: 2003/6/21

Quote:

Have you guys considered adding yourselves to this list?

I am now

Thanks for directing our attention there.

"When you can flatten entire cities at a whim, a tendency towards quiet reflection and seeing-things-from-the-other-fellow's-point-of-view is seldom necessary."

Cusix Software

9

Re: Xoops Security Issues

2005/6/26 15:02
javier
Not too shy to talk
Posts: 184
Since: 2002/8/6 1

Quote:

Anonymous wrote:
please, share this information for all

not in private

That have not sense, the only people who must know about that are the XOOPS developers,
Sharing with all the people, the only thing will do, is make the XOOPS sites more vulnerable.

excuse my bad english.
grettings
Javier

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Re: Xoops Security Issues

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}