Author |
Message |
VinDSL
Life Cycles Becoming CPU Cycles

Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
|
Posted:
Wed Mar 08, 2006 3:12 am |
|
Here's a weird one for you: [link hidden by the board]
Just happened to run across it while I was searching for the latest PHP-Nuke vulns...
When did this start?
For example, type 'PHP-Nuke 6.0 Final' in the search box and see what comes up.
Interesting, yes? |
_________________ .:: "The further in you go, the bigger it gets!" ::. |
|
 |
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Wed Mar 08, 2006 5:32 am |
|
hhmmm... that is interesting indeed. It would be great if we knew which ones have been addressed via patches. Obviously, NukeSentinel will stop some of these, but, of course, it's always better to have better written code! |
|
|
 |
evaders99
Former Moderator in Good Standing

Joined: Apr 30, 2004
Posts: 3221
|
Posted:
Wed Mar 08, 2006 9:12 am |
|
Wow - pretty comprehensive set of links .. SecurityReason, SecurityFocus, Secunia. Good to know they aren't missing out, and it helps us tremendously by all the cross-posted issues into one item. Good on their descriptions too
Time to get cracking. |
|
|
 |
evaders99

|
Posted:
Wed Mar 08, 2006 10:44 am |
|
I went through all the latest reports. I'm surprised, one report even got linked back to NukeFixes.
Here's one fix - http://www.nukefixes.com/ftopicp-9152.html#9152
Others seem to be correct in the Patched, except for this one
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0805
It is a flawed code from concept. I'm not sure exactly how to correct it - the CAPTCHA code is something I'm not too familiar with. How do other systems manage to maintain a randomization that is designed to be used once? |
|
|
|
 |
VinDSL

|
Posted:
Wed Mar 08, 2006 5:13 pm |
|
evaders99 wrote: | Time to get cracking... |
LoL! And, Raven says my puns are getting bad...  |
|
|
|
 |
VinDSL

|
Posted:
Wed Mar 08, 2006 5:25 pm |
|
|
|
 |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Wed Mar 08, 2006 5:53 pm |
|
evaders99 wrote: | I went through all the latest reports. I'm surprised, one report even got linked back to NukeFixes.
Here's one fix - http://www.nukefixes.com/ftopicp-9152.html#9152
Others seem to be correct in the Patched, except for this one
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0805
It is a flawed code from concept. I'm not sure exactly how to correct it - the CAPTCHA code is something I'm not too familiar with. How do other systems manage to maintain a randomization that is designed to be used once? |
Nuke doesn't really use a captcha. That would be FAR beyond FB's ability and he just hasn't found one to steal yet. You are correct in the fact that it is a foundational flaw and the only way to correct it is to reconstruct. |
|
|
|
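On the question above of how a system keeps a randomization single-use, one common pattern is to hold the expected answer server-side under an opaque id and delete it on the first verification attempt. This is an added example, not code from PHP-Nuke, NukeSentinel or any poster in this thread; the function names, the TTL value and the plain array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example: single-use challenge kept server-side (hypothetical names).

const CHALLENGE_TTL = 300; // seconds a challenge stays valid (assumed value)

// Create a challenge: the answer lives only in the server-side store;
// the client receives just an opaque id (plus the rendered image).
function issue_challenge(array &$store, int $now): string
{
    $id = bin2hex(random_bytes(16));
    $answer = (string) random_int(100000, 999999);
    $store[$id] = ['answer' => $answer, 'expires' => $now + CHALLENGE_TTL];
    return $id;
}

// Verify a submission. The entry is deleted before the comparison, so a
// challenge can be tried exactly once whether the guess is right or wrong.
function verify_challenge(array &$store, string $id, string $guess, int $now): bool
{
    if (!isset($store[$id])) {
        return false; // unknown id, or challenge already consumed
    }
    $entry = $store[$id];
    unset($store[$id]);
    if ($now > $entry['expires']) {
        return false; // answered too late
    }
    return hash_equals($entry['answer'], $guess);
}

// Demo with a plain array standing in for $_SESSION (constructed data).
$store = [];
$now = time();

$id = issue_challenge($store, $now);
$answer = $store[$id]['answer']; // what the image would display
var_dump(verify_challenge($store, $id, $answer, $now)); // first use
var_dump(verify_challenge($store, $id, $answer, $now)); // replay of same pair

$old = issue_challenge($store, $now);
$oldAnswer = $store[$old]['answer'];
var_dump(verify_challenge($store, $old, $oldAnswer, $now + CHALLENGE_TTL + 1)); // expired
```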
 |
evaders99

|
Posted:
Wed Mar 08, 2006 10:15 pm |
|
Aye.. time to steal from phpBB?  |
|
|
|
 |
guidyy
Worker


Joined: Nov 22, 2004
Posts: 208
Location: Italy
|
Posted:
Wed Mar 08, 2006 11:32 pm |
|
not to be the devil's advocate, but, about security, phpBB coding ain't this great.....
guido |
|
|
|
 |
|