Free Forum Software (PHP, MySQL); Alternative to phpBB
February 21st, 2006
I stumbled upon Simple Machines Forum, from Simple Machines, which appears to be excellent software and a competitor to the phpBB forum software which I use. It supports hierarchical representation of categories, unlike phpBB.
How PHPBB Site was Hacked and How You Can Prevent it
February 5th, 2009
The simplest way to start this topic is, PHPBB is hacked. You must have heard of it by now.
Mambo CMS Suffers From File Inclusion Vulnerability
June 29th, 2006
Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified before it is used to include files.
How To Fix phpBB Error - The submitted form was invalid. Try submitting again.
March 22nd, 2008
Users, including forum admins, sometimes get a message while editing a post, sometimes for quick edits and sometimes for longer edits - "The submitted form was invalid. Try submitting again."
This is not really an error but one of the two protection mechanisms in place in phpBB to protect your forum from spam.
Apache HTTPD: How To Turn Off Index Listing in Directory & Sub-Directories; Protect WordPress wp-content
April 13th, 2008
In Apache HTTPD server, normally when you have no index or default page in a directory, a visitor may be served with a full list of files in that directory. This could pose a serious security risk.
How To Run phpBB on Nginx With Virtual Hosting
July 10th, 2008
We now have our phpBB forum running on Nginx web server, a high quality and significantly better performing web server than Apache HTTPD. Some of the challenges we faced were:
We use nice permalinks in the forum, so there are lots of Apache HTTPD rewrite rules in .htaccess files which had to be converted to Nginx format.
PHP XMLRPC Remote Code Execution Vulnerability affecting Popular Blogging and CMS Platforms like WordPress 1.5.1.2 (and lower), PostNuke, Drupal, b2evolution, TikiWiki etc.
July 5th, 2005
PHPXMLRPC, aka XML-RPC For PHP, is a PHP implementation of XML-RPC, the web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge.
Xoops CMS SQL Injection Vulnerability Reported
June 29th, 2006
KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query.
BandSite CMS and SmartSite CMS (PHP based) Root File Inclusion Vulnerability Discovered
June 21st, 2006
Archit3ct and IR4DEX GROUP have discovered a vulnerability in SmartSiteCMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "root" parameter in include/inc_foot.php is not properly verified before being used to include files.
Absolutebusy Web CRM Embraces Tagging
May 5th, 2006
InfoParc released version 4.54 of absoluteBUSY web CRM software. It includes a new sales module plus new unlimited keyword/tagging, an interesting feature by all counts.
Google Releases FriendConnect Plugin for Wordpress, Drupal and PHPBB
March 14th, 2009
Social connection through the online world is becoming more and more relevant these days. Even Google isn't ignoring it.
Telegraph.co.uk Hacked: Trend Micro has a Solution
March 10th, 2009
Are you one of those Telegraph subscribers? You must have known by now that the online website of British UK newspaper Telegraph has been hacked. The proofs in Hackersblog confirm that the site has been hacked by a Romanian whitehat hacking group.
Nginx Hacking Tips
July 12th, 2008
Nginx is a high performance web server and mail proxy server written by Igor Sysoev and a good replacement for Apache HTTPD, the market leader. Nginx is rapidly increasing its market share with major websites joining it like wordpress.com.
Command Execution Vulnerability in WordPress Affecting all Versions
August 13th, 2005
A command execution vulnerability has been found in WordPress's handling of incoming cookie information which allows remote attackers to cause the program to execute arbitrary code if the PHP setting register_globals has been set to On. A Perl and PHP exploit is already available.
Google Happy Loser in Wireless Spectrum Licenses
April 4th, 2008
Nobody is a happier loser than Google when it lost the auction to win the highly coveted premium wireless spectrum to Verizon. The premium wireless spectrum (C block) would have cost Google $4.7 billion, inadvertently thrusting the company into the wireless business and could have sent Google’s shares even lower.