Just last Friday, we released XOOPS v2.0.11, but during the weekend, I had a great deal of communication with James from GulfTech Security Research, who helped me find and fix a couple of holes in the XML-RPC interface and the comment system.
Also, work done by XOOPS JP and JM2 and the zx team...
A vulnerability has been reported in the XOOPS core that allows registered users to upload possibly malicious scripts to the webserver.
The vulnerability is in the upload of custom avatars, and until we have a complete overview of the consequences and correction of this exploit, we advise all XOOPS...
I use I-stats, a pretty decent stats module. The thing is that my IE6 keeps flagging up a cookie block from this module and thereby messing up my stats by presenting every pageview as a unique visitor.
I asked around and was unable to get answers in the forum, so I did some research myself. The...
The PHLAK team over at http://www.phlak.org will be releasing PHLAK 0.2 very soon. PHLAK is a modular live security distribution. It includes tools to perform network analysis, vulnerability assessment, MITM attacks, forensics and more. PHLAK has chosen Xoops to be the structural base of their...
An attacker can use this flaw to execute arbitrary code of his choice on the remote system, run with the privileges of httpd. The code can be written in any scripting language whose parser is run in the remote system in cooperation with httpd, whether as module or...
The PHP Group today announced the details of a serious CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1, fixes the issue. Everyone running an affected version of PHP (as CGI) is encouraged to upgrade immediately. The new 4.3.1 release does not include any other changes, so...
MySQL 3.23.55, a new version of the popular Open Source Database, has been released. It is now available in source and binary form for a number of platforms from our download pages at http://www.mysql.com/downloads/ and mirror sites.
Note that not all mirror sites may be up to date at this point of...
Anybody using Gallery on your site should upgrade it right now. There will be no change to the files included in XOOPS patch for Gallery, so just upgrade your Gallery to the latest version, and apply the XOOPS patch again if you would like to keep using it as an XOOPS module.
A security issue was found in all versions of PHP, including 3.x and 4.x versions. If you are running PHP on your server (I'm sure you all here are), either upgrade your PHP or install the patch found at php.net. If you can't upgrade your PHP, because your site is hosted by an ISP, tell them to...
I run the site GroundZero. A while back it got hacked several times in a row. All that was done was replacing the index so not really a big deal but annoying. I now know how they were able to gain access to my site and they could very easily do it to some of yours...
I checked several sites which use XOOPS and found out some of them didn't delete the install script. The sites I checked received an email about it. Be warned!