The RavenNuke(tm) Team has found a possible XSS opportunity depending on different factors of how your forums are setup. The fix is to replace your current modules/Forums/posting.php file with this one. This fix has been tested on RavenNuke(tm) but should work for other versions too. Your versions of the file may already contain the fix (for other reasons) but we have confirmed that the exploit is in other flavors of nuke. Better safe than sorry :)! Be sure to read the README file for additional information.

Download posting.php fix

There has been an exploit that has been found and DOES affect all platinum sites. It is extremely important that you immediately replace the modules/Forums/favorites.php file with this one.

Exploit Fix

SECUNIA ADVISORY ID: SA27361

VERIFY ADVISORY: http://secunia.com/advisories/27361/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
RealPlayer 10.x - http://secunia.com/product/2968/
RealPlayer Enterprise 1.x - http://secunia.com/product/3342/
RealOne Player 1.x - http://secunia.com/product/666/
RealOne Player 2.x - http://secunia.com/product/2378/
Helix Player 1.x - http://secunia.com/product/3970/

DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA27311

VERIFY ADVISORY: http://secunia.com/advisories/27311/

CRITICAL: Highly critical

IMPACT: Spoofing, Manipulation of data, Exposure of sensitive information, DoS, System access

WHERE: >From remote

SOFTWARE: Mozilla Firefox 2.0.x - http://secunia.com/product/12434/

DESCRIPTION: Some vulnerabilities and a weakness have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.
 Read More...

SECUNIA ADVISORY ID: SA27313

VERIFY ADVISORY: http://secunia.com/advisories/27313/

CRITICAL: Highly critical

IMPACT: DoS, System access

WHERE: >From remote

SOFTWARE: Mozilla Thunderbird 2.x - http://secunia.com/product/14070/

DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1 and #2 in: SA27311
 Read More...

SECUNIA ADVISORY ID: SA27251

VERIFY ADVISORY: http://secunia.com/advisories/27251/

CRITICAL: Moderately critical

IMPACT: Unknown, Manipulation of data, Exposure of sensitive information, DoS

WHERE: >From remote

REVISION: 1.1 originally posted 2007-10-17

SOFTWARE:
Oracle Database 10.x - http://secunia.com/product/3387/
Oracle9i Database Enterprise Edition - http://secunia.com/product/359/
Oracle9i Database Standard Edition - http://secunia.com/product/358/
Oracle Application Server 10g - http://secunia.com/product/3190/
Oracle Collaboration Suite 10.x - http://secunia.com/product/2450/
Oracle E-Business Suite 12.x - http://secunia.com/product/13979/
Oracle E-Business Suite 11i - http://secunia.com/product/442/
Oracle Enterprise Manager 10.x - http://secunia.com/product/2565/
Oracle PeopleSoft Enterprise Tools 8.x - http://secunia.com/product/9411/
Oracle PeopleSoft Enterprise Human Capital Management 8.x - http://secunia.com/product/13980/
Oracle PeopleSoft Enterprise Human Capital Management 9.x - http://secunia.com/product/14817/

DESCRIPTION: Multiple vulnerabilities have been reported for various Oracle products. Some have unknown impacts, other can be exploited to disclose sensitive information, conduct SQL injection attacks, or to cause a DoS (Denial of Service). Details are available for the following vulnerabilities:
 Read More...