coyoweb writes:  

Small Problem on the administration Forums the error is Access Denied

Only open modules/Forums/admin/forums.php


-------Find Code------


if (!eregi("admin.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }


------Replace with------


global $admin_file;
if (!eregi("".$admin_file.".php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }


by CoyoWeb

elrayjones writes:  

Discount Outpost Traders is looking for anyone from RavenScripts that would like to be a Forums Moderator. I have the WebMasters Workshops setup and will be adding other topics. I'm working on SEO, and will soon be summiting to all major search engines and banner exchanges. Moderators must be 18 or over. Moderators can have a say in the design of the forums, and open there own topics if they wish. However, the WebMaster Workshops require that you have your own site up and running. Benefits include that good felling you get knowing that you help others, plus free ads.

goto http://www.godotshop.com/modules.php?name=Forums&file=viewtopic&t=3
and post feedback.

Thank You
EJ

Thanks to Chatserv, as always, for fixing FB's mistakes. I have patched the 7.6 download with Chat's 2.6 patches. This was patched at approximately 21:52.

64BitGuy posted about this in the forums, but we need to have this here too.

It has been brought to our attention that the highlighting exploit can be taken advantage of, and it a serious way. We are hastily preparing a new release. However that release contains a number of other fixes and additions and thus we carrying out some internal testing to limit the chances of other issues arising.

In the mean time we strongly, and I mean strongly! urge all our users to make the following change to viewtopic.php as a matter of urgency.

Open viewtopic.php in any text editor. Find the following section of code:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

for($i = 0; $i < sizeof($words); $i++)
{


and replace with:

//
// Was a highlight request part of the URI?
//
$highlight_match = $highlight = '';
if (isset($HTTP_GET_VARS['highlight']))
{
// Split words and phrases
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

for($i = 0; $i < sizeof($words); $i++)
{

Note: 

Please inform as many people as possible about this issue. If you're a hosting provider please inform your customers if possible. Else we advise you implement some level of additional security if you run ensim or have PHP running cgi under suexec, etc.

southern writes:  

Category: Application (Calendar) > Event Calendar (PHP-Nuke Module) Vendors: holbrookau.net
Event Calendar Input Validation Holes Let Remote Users Inject SQL Commands

SecurityTracker Alert ID: 1012245
SecurityTracker URL: http://securitytracker.com/id?1012245
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Nov 16 2004

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
 Read More...

Note: 

From the author: "NOTICE Due to numerous security issues found recently, the PHP-Nuke Event Calendar module formally found on this site is no longer available. Sorry, but as I don't have the time nor expertise to try and patch up the code, I suggest to those using it to delete it from their sites and seek a more secure and up-to-date alternative. - Holbrookau"

Download phpNuke v7.6,

Read on for the Change Log. Read More...

Note: 

Already there appears to be security issues and more with 7.6. Download and use at your own risk. See this thread for more information.