July 03, 2009 | 05:06 PM  
Welcome

Don't have an account yet? You can create one, it is free, just click here

as a registered user you have some advantages like free downloads, comments and posting on our forums, depending upon this site's configuration and options.

 • •  Control Panel - Register - Login  • • 
Current Stable MDPro Lite 1.0821 Download
Latest Comments
  Re: MDContact 3
Its been a while since any new update was posted for MD...
ifteba

  Re: New Areafiles section
Nice move
thanks
Mechael

  Re: Convert old modu...
iam waiting the docs
& thanks for this tutorial
Mechael

Posted by : TiMax - Monday, September 18, 2006
Security
Security fixes for MDPro

The MAXdev team has been notified of a security issue by http://www.jpcert.or.jp the problem was found to be due to poor performance of the pnVarCleanFromInput function at removing potentially harmful input that may result in XSS injection attacks

Another small bug was found with the AntiCracker which may have made it partially ineffective. We still recommend having the AntiCracker enabled, as it would have blocked against the majority of these attacks prior to the patch

The patch is available from HERE this affects all versions of MDPro released up until this point. For MDLite RC testers, MDLite is still marginally affected, the changes to MDPro 1.0.76 have already been backported in CVS and will be included with the next release

Many thanks go to Masaki Kubo from JPCERT/CC for their assistance in bringing this issue to our attention and testing the patch prior to release

We strongly recommend all users apply this patch to their sites ASAP, all MDPro 1.0.76 packages have been updated to include this fix as from the 18-Sep-06 09:00 GMT

PeteBest




   Printer friendly page  

Security fixes for MDPro 1.0.76 | Login/Create an account | 0 Comments
Comments are owned by their poster. We aren't responsible for their content.