Security Release: XOOPS 2.0.12a

Mithrandir  28-Jun-2005 18:08  28070 reads   104 Comment(s) 
Just last Friday, we released XOOPS v2.0.11, but during the weekend, I had a great deal of communication with James from GulfTech Security Research, who helped me find and fix a couple of holes in the XML-RPC interface and the comment system.

Also, work done by XOOPS JP and JM2 and the zx team...


Mithrandir  08-Mar-2005 21:26  25656 reads   41 Comment(s) 
A vulnerability has been reported in the XOOPS core that allows registered users to upload possibly malicious scripts to the webserver.

The vulnerability is in the upload of custom avatars and until we have a complete overview of the consequences and correction of this exploit, we advise all XOOPS...

Preventing IE6 from blocking I-stats cookies

janmetpet  10-Jun-2004 10:20  5491 reads   5 Comment(s) 
I use I-stats, a pretty decent stats module. The thing is that my IE6 keeps flagging up a cookie block from this module and thereby messing up my stats by presenting every pageview as a unique visitor.

I asked around and was unable to get answers in the forum, so I did some research myself. The...


goonsqad  07-Dec-2003 07:07  13467 reads   2 Comment(s) 
The PHLAK team over at will be releasing PHLAK 0.2 very soon. PHLAK is a modular live security distribution. It includes tools to perform network analysis, vulnerability assessment, mitm attacks, forensics and more. PHLAK has chosen Xoops to be the structural base of their...

Directory traversal vulnerability on Xoops CMS module ...

ac3__  14-Jun-2003 15:08  4860 reads   5 Comment(s) 
Short description:

An attacker can use this flaw to execute arbitrary code of his choice on the remote system, run with the privileges of httpd. The code can be written in any scripting language whose parser is run in the remote system in cooperation with httpd, whether as module or...

PHP 4.3.1 released in response to CGI vulnerability

w4z004  18-Feb-2003 11:31  4722 reads   No comments 
The PHP Group today announced the details of a serious CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1, fixes the issue. Everyone running an affected version of PHP (as CGI) is encouraged to upgrade immediately. The new 4.3.1 release does not include any other changes, so...

MySQL 3.23.55 Released

w4z004  01-Feb-2003 02:44  4787 reads   No comments 
MySQL 3.23.55, a new version of the popular Open Source Database, has been
released. It is now available in source and binary form for a number of
platforms from our download pages at and
mirror sites.

Note that not all mirror sites may be up to date at this point of...

PHP Buffer Overflow in Wordwrap() Function May Let Remote ...

w4z004  31-Dec-2002 09:41  7345 reads   No comments 

SecurityTracker Alert ID: 1005863
CVE Reference: GENERIC-MAP-NOMATCH
Date: Dec 27 2002

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network


Security vulnerability in Gallery 1.1, 1.2.x, 1.3

onokazu  02-Aug-2002 20:57  4655 reads   No comments 
Anybody using Gallery on your site should upgrade it right now. There will be no change to the files included in XOOPS patch for Gallery, so just upgrade your Gallery to the latest version, and apply the XOOPS patch again if you would like to keep using it as an XOOPS module.


An alert...

Security hole in PHP

onokazu  28-Feb-2002 13:05  4706 reads   No comments 
A security issue was found in all versions of PHP, including 3.x and 4.x versions. If you are running PHP on your server (I'm sure you all here are), either upgrade your php or install the patch found at If you can't upgrade your php, because your site is hosted by an ISP, tell...

"Nukes" Security Hole !!

WildMan  08-Jan-2002 16:48  3864 reads   No comments 
I run the site GroundZero. A while back it got hacked several times in a row. All that was done was replacing the index so not really a big deal but annoying. I now know how they were able to gain access to my site and they could very easily do it to some of yours...

Remove your install.php!

MasterE  08-Jan-2002 15:41  4378 reads   No comments 
I checked several sites which use XOOPS and found out some of them didn't delete the install script. The sites I checked received an email about it. Be warned!
