Security Patch for XOOPS 2.5.6

Mamba  24-Sep-2013 19:37  8858 reads   11 Comment(s) 
As always, security is at the top of the priority list for XOOPS!

Current users of XOOPS 2.5.6 are encouraged to download and apply a Security Patch.

Download: SourceForge File Repository

This security patch fixes some potential XSS issues discovered by Mehdi Dadkhah and fixed by Richard Griffith.


Security Patch for XOOPS 2.5.5

Mamba  24-Jan-2013 01:09  7510 reads   11 Comment(s) 
Current users of XOOPS 2.5.5 are encouraged to download and apply a Security Patch.

This patch is included in the upcoming XOOPS 2.5.6, which should be released in the next couple of weeks, after the testing of the Beta version is done.

Download: SourceForge File Repository

Security Patch for XOOPS 2.3.3

Mamba  20-Aug-2009 13:17  11306 reads   21 Comment(s) 
As discussed previously in forums, there are potential vulnerabilities identified in:

a) PM
b) Protector


While (a) is addressed by having Protector installed, and (b) is addressed by having "register_globals" disabled and having XOOPS_TRUST_PATH outside of the Document Root, we've...

Vulnerability in Protector if placed in DocumentRoot

phppp  09-Jan-2009 09:24  14855 reads   10 Comment(s) 
We've been made aware of a vulnerability in Protector if it is placed in the DocumentRoot.

This is for all versions of XOOPS, if the XOOPS_TRUST_PATH (or xoops_lib) directory that contains Protector is placed in the DocumentRoot.

As we've always communicated to you (e.g. in this article A Guide...

XOOPS 2.3.2b - Security Release

phppp  07-Dec-2008 12:20  27271 reads   37 Comment(s) 
Security is always at the top of the list for XOOPS Developers. Therefore the XOOPS Development Team is pleased to announce the release of XOOPS 2.3.2b, an improved XOOPS 2.3.x release.

This release is solely for a couple of critical fixes, including an XSS vulnerability reported by Digital...

Protector Security Fix for XOOPS 2.0.x and 2.2.x users

Mamba  28-Nov-2008 14:13  8793 reads   14 Comment(s) 
Security is always the highest priority for XOOPS, and therefore we are releasing Security Updates as soon as we find a viable solution.

This is a temporary quick fix for the Protector module, addressing a potential local file inclusion vulnerability reported by DSRG. We hope that GIJOE, the author of...

XOOPS 2.3.2a - Security Release

phppp  26-Nov-2008 06:40  16879 reads   48 Comment(s) 
The XOOPS Development Team is pleased to announce the release of XOOPS 2.3.2a

This release is solely for a couple of critical security fixes, including an XSS vulnerability reported by Digital Research Group, a potential local file inclusion vulnerability reported by DSG, an Autologin bug reported by...

A Guide to Make your XOOPS Installation even more secure

anderssk  13-Sep-2008 20:35  14153 reads   21 Comment(s) 
The reason for writing this guide is NOT because XOOPS CMS-system isn’t secure enough.

It’s written to give new XOOPS'ers a chance to make, with a few changes, a secure installation even more secure. We believe that existing users can also use the guide for securing an already installed XOOP...


Security Update for Bluemoon Modules

dashbord  28-Apr-2008 13:52  6937 reads   3 Comment(s) 
We found an XSS vulnerability in our sources.

Backpack v0.91 or before
Bmsurvey v0.84 or before
Newbb_fileup v1.83 or before
News_embed v1.44 ( news_fileup ) or before
Popnupblog v3.19 or before

If you are using those scripts, we recommend updating immediately.
Jump to vendor site

WF-Sections V2: New Exploits and Security Issues (Users ...

Mamba  15-Apr-2008 08:03  7619 reads   1 comment 
As always, XOOPS developers are committed to ensuring the highest security of XOOPS code. The message below comes from Catzwolf:


If you are still using WF-Sections v1+ and v2+ then I suggest that you read this please.

It has come to my attention that there are a few very bad security exploits...

XoopsGallery Module 'init_basic.php' Remote File ...

phppp  10-Jan-2008 03:15  31213 reads   4 Comment(s) 
XoopsGallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

XoopsGallery has been confirmed vulnerable.

We advise you to upgrade to XoopsGallery 2.1+ or inactivate the module immediately until this issue is solved.


vulnerability in phpmailer

phppp  14-Jun-2007 12:37  11465 reads   22 Comment(s) 
A vulnerability is reported in PHPMailer, which can be exploited by malicious people to compromise a vulnerable system if Sendmail method is enabled.

Although the issue is not critical in the XOOPS environment, we suggest switching to a method other than Sendmail, or downloading quick fixes:

vulnerability in SPAW editor

phppp  13-Jun-2007 04:05  14645 reads   12 Comment(s) 
A vulnerability was reported in some version of the SPAW editor, which is used by some XOOPS third-party modules.

Module "tinycontent" is one of the modules using SPAW. Although we are not sure which version(s) is vulnerable, we suggest disabling SPAW in tinycontent and removing the...

Easyhosting to consider withdrawal of support for Xoops

chippyash  03-Jun-2007 22:31  13467 reads   12 Comment(s) 
Following a hack on one of our websites, the site hosters have claimed that the hack occurred because of insecurity in the Xoops systems.

Security Hole in XOOPS 2.2 - hotfix available

Mithrandir  28-Jul-2005 07:56  15253 reads   35 Comment(s) 
We have been made aware of a grave unintended exploitability in XOOPS 2.2 that could reveal your database username and password.

Everybody using XOOPS 2.2, get this hotfix (.zip) | (.tar.gz)
and get it NOW. Upload the contents to your webserver, overwriting the existing files.

To translators: Note...