qfk writes:  

TITLE: PHP-Nuke query SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA17543
VERIFY ADVISORY: http://secunia.com/advisories/17543/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: From remote
SOFTWARE: PHP-Nuke 7.x - http://secunia.com/product/2385/
DESCRIPTION: sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "query" parameter when performing a search isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been confirmed in version 7.8. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: sp3x

forgotz writes:  

Are you tired of Spyware, Malware and Adware programs being installed by ActiveX, but dont want to lose out on important functionality? Now offered from http://dadanuke.org as a PHP-Nuke block, (demo http://dev.dadanuke.org) all your guests or members will have to do is click on the Spyware Guide button or file link, double click it to enter it into the registry and activate the protection. Read More...

forgotz writes:  

When it comes to site security, you are your first best line of defense. Do not rely on the government or someone else to protect what you have worked so hard to achieve. One vital component of an overall security strategy is, the legal rights of both your site and it's members. Be very clear right up-front, as to what you will, can and in some cases do that may be necessary to protect the information stored in your database(s). One tool is available to assist and virtually cover every right and protection afforded to you and visitors to your site, DaDaNotes 0.81 (http://dadanuke.org). Read More...

forgotz writes:  

Recently an annonymous poster at http://dadanuke.org asked about our project and in particular, security. I'll re-post my rersponse here.

As you know, total security is illusive. Just ask M$, and that is my point. The popularity of PHP-Nuke is such, that hackers and mischievients are chewin' at the bone to find more holes in the code. Good and bad. Good, because it (PHP-Nuke) in time will become much more robust in it's coding. Bad of course, because us users and programers must remain aware and vigilant all the time, against attacks and resolutions to prevent further such events. Read More...

forgotz writes:  

PHP-Nuke Patched Series (http://nukeresources.com) has released version 3.1a for PHP-Nuke 7.8. Accordingly, we have updated DaDaNuke CMS 2.0 Revision: 7.8.0.3.1a. If you just wish to update your current 2.0 installation, visit http://nukefixes.com and download 7.8 patch. Read More...

hitwalker writes:  

Mozilla Web browsers are potentially more vulnerable to attack than Microsoft's Internet Explorer, according to a Symantec report. But the report, released Monday, also found that hackers are still focusing their efforts on IE. The open-source Mozilla Foundation browsers, such as the popular Firefox, have typically been seen as more secure than IE, which has suffered many security problems in the past. Mitchell Baker, president of the foundation, said earlier this year that its browsers were fundamentally more secure than IE. She also predicted that Mozilla Foundation browsers would not face as many problems as IE, even as their market share grows. Read More...