VinDSL writes:  

An exploit for the just-patched IDN bug in Mozilla's Firefox browser and namesake suite has been published on the Internet, a French security vendor said late Thursday. The hack creates a heap buffer overflow, and when it works, can give the user complete control of a vulnerable machine running Firefox, Mozilla, or even Netscape.

FrSIRT warned users of Firefox and Mozilla that the exploit code -- which FrSIRT published in its entirety, a not-uncommon practice for the firm -- should be considered a critical risk.

Tuesday, Mozilla patched the Firefox browser against the bug in its support of international domain names (IDN). Thursday, it followed up with a similar fix for the Mozilla suite in its Windows, Linux, and Mac OS X incarnations. Netscape, however, has not yet patched that browser.

Firefox 1.0.7 and Mozilla 1.7.12, which stymie the exploit, can be downloaded from the Mozilla site.

Source: informationweek.com/story/showArticle...

Bob Marion writes "I/we now have PHP-Nuke 7.9 and are finding that it does not have Patched 3.0 or 3.1 and there are major security issues already with it. I have to say great job mr. burzi! Please DO NOT use 7.9 until these issues are worked on and resolved! Unless of course you want your site hacked to pieces! In a nutshell folks, the difference between 7.8 and 7.9 can been seen in one new function:
function filter($what, $strip="", $save="", $type="") { and a ton of bs fake patches."

64BitGuy writes "Again, this is an official warning to everyone! Do not use PHP-Nuke 7.9 unless you have overwhelming desires to be completely hacked (it took me about 30 seconds to hack this on my test domain) and you enjoy having your hosting provider ban your domain for abuse and resources consumption."

Bob Marion writes "After having received a report from one of my users that a new PHP-Nuke package seemed to cause him to get spanish spam I opened the package and found that the Your Account module has 3 calls to copy any new user info to another site. The package comes from PHP-Nuke 7.8 RC8 OP ES. This is just one case of never using non-trusted sites packages!"

bcmx55 writes:  

PHP-Nuke 7.8 RC8
From Bob Marion:

It is advised that no one use this package as I have just found highjacking coding in the Your Account module. This code sends all of your new users info to http://www.solicitados.com in a covert way!

See Serious Security Vulnerability In Manuals for the foundation of this News item. While Chris has made a valiant effort to contact everyone he knows of to help get the word out, his successful methodology for transforming most any manual to a nuke module has created a multi-headed hydra of sorts! The 3 manuals that he mentions in the original article are the ones that he is aware of. I can name several others right off the top of my head that suffer the same malady. For obvious reasons I won't, but if you know of any others and/or use them on your site, you would do well to either pull them until you have time to update the index.php file or update it Immediately.

From Chris Karakas "Hello Nukers,

I have been informed by waraxe that the PHP Manual, PEAR manual and PHP-Nuke HOWTO modules for PHP-Nuke have a serious security vulnerability. I have checked it and it is indeed so. I have made available new, corrected versions in

PHP Manual module for PHP-Nuke
PEAR Manual module for PHP-Nuke
PHP-Nuke HOWTO module for PHP-Nuke

In case you have one of these installed on your site, please upgrade as soon as possible - you also get the newest manuals as a reward. ;-) "