as a registered user you have some advantages like free downloads, comments and posting on our forums, depending upon this site's configuration and options.
Forums
Documentation
MAXdev Community
Latest Comments
Re: MDForum security fix
Thanks for the fixed! auctions antiques ... aubreehill
Re: MDPro 1.083 RC r...
thanks for the realeased! mac to ipod ... aubreehill
Re: Security fix for...
i think those black mailers are just jealous of what yo... aubreehill
|
Posted by : TiMax -
Thursday, June 30, 2005
Thanks to Andreas Krapohl [larsneo] of Postnuke Dev team we was notified about a security issue within the current MD-Pro and xmlrpc library.VULNERABILTIES- remote code injection via xml rpc library SOLUTIONIt is recommended that all admins deactivate and remove the 'xmlrpc' module within administration-modules and additionaly remove /xmlrpc.php and and the /modules/xmlrpc folder completly from the filesystem.We highly recommends to *not* use the xml rpc library until the maintainers [1] provide a secure solution. Once an updated version is available a modularized version will be provided for download as an additional module.CREDITSThe exploit has been originally found by James from GulfTech Security Research and was reported via security contact. Additionally the maintainers of the xml rpc library were contacted.[1] phpxmlrpc.sourceforge.net
|