XOOPS-magazine
Hauptmenu
Sidebar Navigation
Kategorien
Monatsarchive
RSS Feed
suck my

Breadcrumbs: Startseite

Social-Bookmarks
 
« LifeType Blogging for XOOPS
XOOPS 2.0.18 Released »

XOOPS mod_gallery Zend_Hash_key + Extract RFI Vulnerability

7. Januar 2008
Rene Sato (Views: 1767)

english.gif german.gif

module-gallery-zend-hash-vulnerabilityEs wurde eine Sicherheitslücke im Modul xoopsgallery gefunden.
XOOPS mod_gallery Zend_Hash_key + Extract REMOTE FILE INCLUDE.
Bug works only with register_globals = OFF.
Author: Eugene Minaev underwater@itdefence.ru.

http://www.milw0rm.com/exploits/4847

Security

2 Kommentare

  1. Kommentar von Rene Sato:
    8. Januar 2008 @ 22:25

    Version: Xoops XoopsGallery Module 1.3.3 9
    File: ‘init_basic.php’

    Reportedly, the latest version of the module (XoopsGallery 2.1 rc4) is not vulnerable to this issue, but Symantec has not verified this.

  2. Kommentar von Huaba:
    14. Januar 2008 @ 12:02

    Ich finde es erschreckend, das Xoops in der Liste das einzige CMS ist! Vor allem, da es ja auch nicht das am meisten verbreiteste ist. Wenn hier noch Joomla oder Typo3 stehen würde, würde ich das verstehen…

Einen Kommentar hinterlassen

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 5 chars within 0..9 and A..F, and submit the form.

  

Oh no, I cannot read this. Please, generate a

Powered by XOOPS 2.0.16 © 2001-2007 The XOOPS Project

Design by XOOPS-magazine.com Powered by XOOPS 2.0.16 | Ref: 1220636841
Impressum / Disclaimer Impressum | Kontakt / Contact Kontakt | Xoops Headlines all Xoops-Headlines | Xoops Headlines Sitemap | Xoops Headlines Stats

Admin-Infos: 0.785 Sekunden / secounds + 3 Abfragen / queries
Special thanks to Link > matchan matchan and Link > kruxmux kruxmux!


xoops topliste