The MAXdev team has been notified of a security issue by http://www.secunia.com the problem was found to be a SQL Injection Vulnerability in MDForum discovered by Stefano Angaram

The patch is available from <img src="modules/Tinymax/tiny_mce/plugins/filemanager/InsertFile/img/ext/zip_small.gif" alt="mdforum_patch_2612.zip" /> mdforum_patch_2612.zip (<span style="font-size: 80%">12.60 KB)  this affects all versions of MDForum 2.xx just replace file in modules/MDForum/includes 

We strongly recommend all users apply this patch to their sites ASAP

TiMax

I'm disgusted, very disgusted, to see that, we have received some blackmails to ask us money to know a vulnerability with SQL Injection afflict MDPro otherwise, if we don't pay, they will share this bug with some groups hackers, then today we have found some MD sites defaced, MAXdev.com, MAXdevitalia.com, site of our no profit association gpldev.org ..... yes I'm very disgusted because we work for free, we work for open source community and these people ask us money to let us know about bug, how you want call this persons ?? hackers ?? men ?? or what ?

We are under police investigation, we already know some identities and we will provide with all steps needed to punish these people, we will keep you informed  about that.

You can read about this bug here 

We invite all admins to update all MDPro web sites ASAP, you can get temporary fix in our Areafiles area, or you can click here,  you just need to overwrite file included, we don't guarantee but it should work with MDPro 1.076

TiMax
Project Manager 

We just opened new Areafiles section, ex Downloads section, it is based on new module Areafiles, converted, modified, whit new functions version of Downloads module of Sascha Jost - www.cmods-dev.de,   we're working to release this module soon to our MDBoosters.

We moved all old modules, blocks, not compatibles or untested with MDPro 1.08x into Archive category, then later we plan to add new downloads compatible with MDPro 1.08x in "Modules for MDPro " category.

Security fix for MDPro 1.076, please update your sitea as soon as possible.

You can download this fix here just overwrite all files

The MAXdev team has been notified of a security issue, the problem was found to be due to directory traversal vulnerability in error.php in MDPro 1.076 and earlier allows remote attackers to include and execute arbitrary local files under certain circumstances via the PNSVlang session variable which is included by error.php.

The patch is available from HERE this affects all versions of MDPro released up until this point.

Many thanks go to Larsneo for his help and collaboration

We strongly recommend all users apply this patch to their sites ASAP, all MDPro 1.0.76 packages have been updated to include this fix as from the 21-Nov-06 07:00 GMT