New exploits revealed. One especially nasty one [Union Exploit] claims to get by Nuke Cop's Union Tap, but HackAlert catches it for sure. As to the others, Chatserv is busy right now preparing the fix packs. Stand by .....

Update: Chatserv writes "I had done a different workaround for some of these along with some others not mentioned by waraxe in version 2.4 of Nuke Patched but these seem good and there's no problem with adding them. Get the Fixes here."

PHP-Nuke Patched has been moved up to version 2.4, the "make sure you have all the latest fixes" release, with 2.4 PHP-Nuke 7.3 gets its own patch, it's the smallest one mainly because 7.3 already has PHP-NUke Patched incorporated so the patch only includes fixes and security code that was added after 7.3 was released or about the same time.

This will most likely be the last patch for 6.0 and some of the other 6.x versions unless something with enough merit requires updating them.

Download locations are the usual, for your convenience they can all be found in the front page of the following websites:
NukeResources - NukeFixes - NukeHaven - NukeSecurity and RavenphpScripts

I have updated my Hack Alert script to speed it up and avoid a variable naming conflict. Also I have enhanced/simplified the /* comment exploit/trap as it seems the kids get craftier every day :)

I've been testing an HTTP Basic Authentication routine for my admin.php file to ward off exploits and I am ready to ask you to test it. See this post for the details. Read More...

Confusion is abounding with people scrambling to protect their sites against UNION attacks, Base64, Admin adding, etc. In spite of some of the claims of needing this or that, the simple truth is, if you have my hackalert script and Chat's security fixes up to date, you have everything that you need to ward off all known exploits, including the GPC base64 exploit and the SQL C Comments exploit. These were all published before any other scripts included them. And, they are not beta - they are production quality. So, if you are using the scripts mentioned above, you should be safe, at least for now. Of course if you know of a new exploit or an issue with those mentioned above, please contact us immediately. Please note that Sting has contributed some valuable information in the forums also.

A group of volunteer security professionals has compiled one of the largest, most complete and most freely accessible databases of vulnerabilities on the Internet. Eweek Posting

Here is a direct link to the phpnuke entires.