
PHP 4.3.1 released in response to CGI vulnerability

The PHP Group today announced the details of a serious CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1, fixes the issue. Everyone running an affected version of PHP (as CGI) is encouraged to upgrade immediately. The new 4.3.1 release does not include any other changes, so upgrading from 4.3.0 is safe and painless.

MySQL 3.23.55 Released

MySQL 3.23.55, a new version of the popular Open Source Database, has been
released. It is now available in source and binary form for a number of
platforms from our download pages at http://www.mysql.com/downloads/ and
mirror sites.

Note that not all mirror sites may be up to date at this point of time -
if you can't find this version on some mirror, please try again later or
choose another download site.

PHP Buffer Overflow in Wordwrap() Function May Let Remote Users Crash the Server

in: http://www.securitytracker.com/alerts/2002/Dec/1005863.html

SecurityTracker Alert ID: 1005863
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 27 2002

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

Fix Available: Yes
Vendor Confirmed: Yes

Version(s): after 4.1.2 and before 4.3.0

Description: A buffer overflow vulnerability was reported in PHP. A remote user could cause the web service to crash or possibly execute arbitrary code.


Security vulnerability in Gallery 1.1, 1.2.x, 1.3

Anybody using Gallery on your site should upgrade it right now. There will be no change to the files included in XOOPS patch for Gallery, so just upgrade your Gallery to the latest version, and apply the XOOPS patch again if you would like to keep using it as an XOOPS module.

Quote:

An alert system administrator for PowerTech, an ISP in Norway, discovered a security vulnerability in Gallery yesterday. This security hole is a serious one; with it a malicious user can install a backdoor on your system and gain shell access with the same privileges as your webserver user. It's important that you realize that there are malicious people exploiting this bug *right* *now*. Read through to the bottom of this email for a list of IP addresses of sites that we believe may already be hacked, and ways to detect if you've been hacked.

Update: The most secure version of Gallery available is v1.3.1-cvs-b13. Upgrade ASAP.


Source: News at Gallery website


You can also download the patch at http://www.xoops.it/ where you can find some detailed instructions for installing Gallery as a XOOPS module.

Security hole in PHP

A security issue was found in all versions of PHP, including 3.x and 4.x versions.
If you are running PHP on your server (I'm sure you all here are), either upgrade your PHP or install the patch found at php.net.

If you can't upgrade your PHP because your site is hosted by an ISP, tell them to do so as soon as possible.

This is NOT a security hole of XOOPS. It doesn't matter which php script you use on your server, since this is a problem in PHP itself.

-- Update --
By BoobToob, Thursday Feb. 28th, 2002
Please read the full text of this article. I posted the submission from Security Focus that gets very specific about what versions of PHP are affected and how to plug your current holes. I'm sending this to my ISP as we speak.

Eric Caldwell
aka BoobToob

"Nukes" Security Hole !!

I run the site GroundZero. A while back it got hacked several times in a row. All that was done was replacing the index so not really a big deal but annoying. I now know how they were able to gain access to my site and they could very easily do it to some of yours...

Remove your install.php!

I checked several sites which use XOOPS and found out some of them didn't delete the install script. The sites I checked received an email about it. Be warned!
