LT   EN   RU  
Friday 22 November 2019 Straipsniai.lt - Independent and informative portal
Home
Phorum
Contacts
Login
Register   Login
News subscribe
Subscribe   Unsubscribe
Partners
www.slaptai.lt www.gamezone.lt
www.penki.lt www.hakeriai.lt
   
   
Advertising
Statistic
Visits since 2002 09 12 - 66165307
Pages in Straipsniai.lt: 40735
  
  Computers > Computer technologies > Hackers
Lankomumo reitingas Print version Print version
phpBB Attachment Mod: new vulnerabilities discovered
Due to two new discovered vulnerabilities and the release of phpBB 2.0.11 a new attachment mod version has been released.
Please update your Attachment Mod to version 2.3.11 as soon as possible. You are able to use the changed files only package, if you haven't modified any attachment mod files or the patch file package if you are familiar with patch files. For all others the normal package should be sufficient. Please read the provided documentation.

This Mod adds the ability to attach files in phpBB2.
This Version will NOT work with phpBB2 Modules designed for *Nuke Portals. Those working with *Nuke Portals are ports and will be not supported here.

Changes since Version 2.3.10:

* fixed bug in GD/Imagick-Detection (on some installations thumbnailing images did not work)
* Added mysql index to attachment table for larger boards
* updated pre-edited files to be compatible with phpBB 2.0.11
* changed order of uploading files, resulting in hopefully getting the correct filesizes if the server does not allow file access outside the working directory
* added check for config table constant to update script
* fixed overwriting of group_id in admin_groups if Categories Hirarchie mod is installed
* fixed bugs regarding the 4GB limits users experienced
* fixed deletion of thumbnails
* fixed directory traversal injection (high severity) - Paul Laudanski (AKA Zhen-Xjell)
With this an attacker could be able to add/remove/execute files outside of the upload directory
* fixed multiple file extensions vulnerability (high severity) - Jeremy Bae at STG Security, Inc.
Due to the handling of mod_mime on multiple extensions an attacker is able to upload arbitrary script files to the web server.

If you need help, please first look at the Attachment Mod User Guide.

The new paskage can be obtained from:
http://www.phpbb.com/phpBB/catdb.php?mode=download&id=436728  or
http://sourceforge.net/project/showfiles.php?group_id=66311
 

         
Lankomumo reitingas

Diskusijos - Discusions

Versija spausdinimui - Print version

Atgal
Random tags:    People (56)    Monitors (10)    Astronomy (11)    Sport2 (8)    Scaners (10)    Fantasy (10)    Aviation (10)    Ecology (10)    Yoga (4)    Literature (24)    Telecomunication (40)    Hunting (3)    Helping and prevention (14)    Beer (10)    Hardware (43)    Computer piracy (10)    UFO (39)    Hobby (25)    Dragons (13)    Philately (8)    Aviculture (2)    Intercourse (265)    Egypt (43)    E - commerce (10)    Eurointegration (4)    Open source (9)    Love (48)    Economics2 (2)    Education (174)    Software (11)    Aquariums (28)    Kisses (13)    Mysticism 2 (3)    Tales (13)    Travels (2)    Computer games (64)    Law (11)    Narcotics no (13)    Geology (4)    Floriculture (10)    Architecture (2)    Motorcycles (33)    Computers (355)    Mobile communication (9)    Chess (10)    Countries (43)    Mother and child (17)    Photography (3)    Transport (54)    Casino’s (10)
1. Bill Gates and other communists
2. Wi-Fi overtakes Ethernet for home networks
3. Worm plays games with victims
4. McAfee Launches SiteDigger 2.0 - program, which checks sites for their vulnerabilities
5. Troy-horses infects Windows Media files?
6. iWork productivity software targets Microsoft's Office
7. Taiwan police seize 60,000 suspect AMD CPUs
8. IDC: 3 future technologies
9. Windows XP SP2 Firewall shows your files and printers to every Internet user
10. Multiple vulnerabilities within PHP <= 4.3.9, PHP5 <= 5.0.2
1. Multiple vulnerabilities within PHP <= 4.3.9, PHP5 <= 5.0.2
2. Taiwan police seize 60,000 suspect AMD CPUs
3. Who says safe computing must remain a pipe dream?
4. Bill Gates and other communists
5. Feds try to take logs from Nmap creator
6. McAfee Launches SiteDigger 2.0 - program, which checks sites for their vulnerabilities
7. New Internet domains in the works
8. Kazaa creates worst spyware threat, says CA
9. Windows XP SP2 Firewall shows your files and printers to every Internet user
10. Alert: New Sober variant rapidly spreading
Map