Current Stable MDPro Lite 1.0821 
Welcome
as a registered user you have some advantages like free downloads, comments and posting on our forums, depending upon this site's configuration and options.
Forums
Documentation
MAXdev Community
Latest Comments
Re: Have you receive...
العاب ون - &#... odai
Re: MDContact 3
We will release a new version in next days, we are work... TiMax
Re: MDContact 3
Mdpro is great, I can't find these features anywhere el... irmadilley
|
Posted by : TiMax -
Thursday, June 30, 2005
 Thanks to Andreas Krapohl [larsneo] of Postnuke Dev team we was notified about a security issue within the current MD-Pro and xmlrpc library.VULNERABILTIES- remote code injection via xml rpc library SOLUTIONIt is recommended that all admins deactivate and remove the 'xmlrpc' module within administration-modules and additionaly remove /xmlrpc.php and and the /modules/xmlrpc folder completly from the filesystem.We highly recommends to *not* use the xml rpc library until the maintainers [1] provide a secure solution. Once an updated version is available a modularized version will be provided for download as an additional module.CREDITSThe exploit has been originally found by James from GulfTech Security Research and was reported via security contact. Additionally the maintainers of the xml rpc library were contacted.[1] phpxmlrpc.sourceforge.net 
|
