Security

Security Patch for XOOPS 2.5.6

Mamba  24-Sep-2013 19:37  8772 reads   11 Comment(s) 
As always, security is on top of priority list of XOOPS!

Current users of XOOPS 2.5.6 are encouraged to download and apply a Security Patch.

Download: SourceForge File Repository


This security patch fixes some potential XSS issues discovered by Mehdi Dadkhah and fixed by Richard Griffith.

While...
 
Security

Security Patch for XOOPS 2.5.5

Mamba  24-Jan-2013 01:09  7407 reads   11 Comment(s) 
Current users of XOOPS 2.5.5 are encouraged to download and apply a Security Patch.

This patch is included in the upcoming XOOPS 2.5.6, which should be released in the next couple of weeks, after the testing of the Beta version is done.

Download: SourceForge File Repository
 
Security

Security Patch for XOOPS 2.3.3

Mamba  20-Aug-2009 13:17  11256 reads   21 Comment(s) 
As discussed previously in forums, there are potential vulnerabilities identified in:

a) PM
b) Protector

modules.

While (a) is addressed by having Protector installed, and (b) is addressed by having "register_globals" disabled and having XOOPS_TRUST_PATH outside of the Document Root, we've...
 
Security

Vulnerability in Protector if placed in DocumentRoot

phppp  09-Jan-2009 09:24  14809 reads   10 Comment(s) 
We've been made aware of a vulnerability of the Protector, if placed in the DocumentRoot

This is for all versions of XOOPS, if the XOOPS_TRUST_PATH (or xoops_lib) directory that contains the Protector, is placed in the DocumentRoot

As we've always communicated to you (e.g. in this article A Guide...
 
Security

XOOPS 2.3.2b - Security Release

phppp  07-Dec-2008 12:20  27215 reads   37 Comment(s) 
The security is always on top of the list of XOOPS Developers. Therefore the XOOPS Development Team is pleased to announce the release of XOOPS 2.3.2b, an improved XOOPS 2.3.x release.

This release is solely for a couple of critical fixes, including an XSS vulnerability reported by Digital...
 
Security

Protector Security Fix for XOOPS 2.0.x and 2.2.x users

Mamba  28-Nov-2008 14:13  8742 reads   14 Comment(s) 
Security is always the highest priority for XOOPS, and therefore we are releasing Security Updates as soon as we find a viable solution.

This is a temporary quick fix for Protector module, addressing potential local file inclusion vulnerability reported by DSRG. We hope that GIJOE, the author of...
 
Security

XOOPS 2.3.2a - Security Release

phppp  26-Nov-2008 06:40  16824 reads   48 Comment(s) 
The XOOPS Development Team is pleased to announce the release of XOOPS 2.3.2a

This release is solely for a couple of critical security fixes, including an XSS vulnerability reported by Digital Research Group, potential local file inclusion vulnerability reported by DSG, Autologin bug reported by...
 
Security

A Guide to Make your XOOPS Installation even more secure

anderssk  13-Sep-2008 20:35  14091 reads   21 Comment(s) 
The reason for writing this guide is NOT because XOOPS CMS-system isn’t secure enough.

It’s written to give new XOOPS'ers a chance to make, with a few changes, a secure installation even more secure. We believe, that existing users also can use the guide, for securing an already installed XOOP...

 
Security

Security Update for Bluemoon Modules

dashbord  28-Apr-2008 13:52  6890 reads   3 Comment(s) 
We found XSS valnabirity at our sources.

Backpack v0.91 or before
Bmsurvey v0.84 or before
Newbb_fileup v1.83 or before
News_embed v1.44 ( news_fileup ) or before
Popnupblog v3.19 or before

If you are using those scripts we recommend update immediately.
Jump to vendor site
 
Security

WF-Sections V2: New Exploits and Security Issues (Users ...

Mamba  15-Apr-2008 08:03  7564 reads   1 comment 
As always, XOOPS developers are committed to ensuring the highest security of XOOPS code. The message below comes from Catzwolf:

Quote:

If you are still using WF-Sections v1+ and v2+ then I suggest that you read this please.

It has come to my attention that there is a few very bad security exploits...
 
Security

XoopsGallery Module 'init_basic.php' Remote File ...

phppp  10-Jan-2008 03:15  31170 reads   4 Comment(s) 
XoopsGallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

XoopsGallery 1.3.3.9 has been confirmed vulnerable.

we advise you to upgrade to XoopsGallery 2.1+ or inactivate the module immediately until this issue is solved.

Thank...
 
Security

vulnerability in phpmailer

phppp  14-Jun-2007 12:37  11405 reads   22 Comment(s) 
A vulnerability is reported in PHPMailer, which can be exploited by malicious people to compromise a vulnerable system if Sendmail method is enabled.

Although the issue is not critical in XOOPS environment, we would suggest to switch to other methods than Sendmail, or to download quick fixes:
fix...
 
Security

vulnerability in SPAW editor

phppp  13-Jun-2007 04:05  14594 reads   12 Comment(s) 
Vulnerability was reported in some version of the SPAW editor, which is used by some of XOOPS third-party modules.

Module "tinycontent" is one of the modules using SPAW. Although we are not sure which version(s) is vulnerable, we suggest disable SPAW in tinycontent and remove the...
 
Security

Easyhosting to consider withdrawal of support for Xoops

chippyash  03-Jun-2007 22:31  13416 reads   12 Comment(s) 
Following a hack on one of our websites, the site hosters have claimed that the hack occured because of insecurity in the Xoops systems.
 
Security

Security Hole in XOOPS 2.2 - hotfix available

Mithrandir  28-Jul-2005 07:56  15196 reads   35 Comment(s) 
We have been made aware of a grave unintended exploitability in XOOPS 2.2 that could reveal your database username and password.

Everybody using XOOPS 2.2, get this hotfix (.zip) | (.tar.gz)
and get it NOW. Upload the contents to your webserver, overwriting the existing files.

To translators: Note...
 
(1) 2 »


Login

Who's Online

200 user(s) are online (5 user(s) are browsing Publisher)


Members: 0


Guests: 200


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories