bureX
May 7 2005, 09:20 PM
phpBB 2.0.15 is out! It has a few bugfixes and improved security features. Don't wait to be a victim of an exploit! You can download it from here: http://www.phpbb.com/downloads.phpHere is the notification e-mail that I have received: QUOTE("The phpBB team") Hi everyone,
phpBB Group announces the release of phpBB 2.0.15, the "summer needs to be hot" release. This release addresses some bugfixes and addressing some security issues, one being serious. With this release the admin re-authentication security feature from phpBB Olympus has been backported to the 2.0.x branch too.
In includes/bbcode.php
Find:
{
global $lang, $bbcode_tpl;
After, add:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "1:", $text);
Find:
*/
function make_clickable($text)
{
After, Add:
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "1:", $text);
Language authors please note that one language variable has been added too.
As with all new releases we urge you to update as soon as possible. You can of course find this download available on our downloads page (http://www.phpbb.com/downloads.php). As per usual three packages are available to simplify your update.
The Full Package contains entire phpBB2 source and English language package.
The Changed Files Only contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release.
Patch Files contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Fixed moderator status removal in groupcp.php
- Removed newlines after ?> on some files - Thoul
- Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus
- Fixed vulnerability in url/bbcode handling functions - PapaDos and Paul/Zhen-Xjell from CastleCops
- Fixed issue in admin/admin_forums.php
- Suppressed warning message for fsockopen in /includes/smtp.php - Thoul
- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - Exy
- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
- Updated the readme file
- Added one new language variable
- Added general error if accessing profile for a non-existent user
- Changed session id generation to be more unique - Henno Joosep
- Fixed bug in highlight code to escape characters correctly
- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
- Fixed bypassing of validate_username on registration - Yen
- Empty url/img bbcodes no longer get parsed
Anyway, if you think that the phpBB team is just releasing "bugfix updates", think again! The next big update will be 3.0.0 and is currently being developed under the codename "Olympus". You can see more about it's progress here: http://area51.phpbb.com/And, if you want to try this out the newest beta version of phpBB: http://area51.phpbb.com/phpBBStay tuned 
Reply
bureX
May 7 2005, 09:43 PM
Here is another e-mail that I have received a moment ago: QUOTE("The phpBB team") Hi everyone, within the last email a small but important error has been slipped through. Somehow the small fix noted has been broken by our mailing software. Please do NOT apply this fix if you copied it from the mail. For the correct fix and the original announcement, please visit http://www.phpbb.com/phpBB/viewtopic.php?t=288194 Thank you, and sorry for the inconvenience. The phpBB Group. Reply
GM-University
May 7 2005, 11:54 PM
I used to be phpBB only, but I gave it up and am now experimenting using phpNuke and IPB, IPB ported to phpNuke instead of phpBB. I don't like that exploits come out so much, Olympus may bring me back to the phpBB groups software though... But I don't know for sure though...
Reply
Damann
May 8 2005, 01:23 AM
wasnt phpbb 2.0.15 released a LONG LONG LONG time ago?
Reply
hellgate
May 8 2005, 09:22 AM
QUOTE(GM-University @ May 7 2005, 11:54 PM) I used to be phpBB only, but I gave it up and am now experimenting using phpNuke and IPB, IPB ported to phpNuke instead of phpBB. I don't like that exploits come out so much, Olympus may bring me back to the phpBB groups software though... But I don't know for sure though... yeah i dont like those exploits either!! i use invision board. nefore i use phpbb but it was boring me. and now i am making my own forum:P
Reply
badinfluence
May 8 2005, 06:12 PM
just wondering official support sub forum/category module avaliable in coming up version in phpBB.. but i will update it next month.. bec just wait and see untill all bugs've gone 
Reply
Odyssey
May 8 2005, 07:11 PM
I just updated my forum with the latest updates. I also got an email from the phpBB team saying that theres an update. I like to use phpBB, but I might switch over to Invision Power Board because it is much more secure. I always dont like to update my forumm, it gets annoying after a while. The only reason why I am sticking with phpBB is so I can customize it easy.
Reply
bureX
May 8 2005, 09:36 PM
QUOTE(Damann) wasnt phpbb 2.0.15 released a LONG LONG LONG time ago?
Nope... Maybe you are thinking about phpBB 2.0.14?
Reply
LeAnn Rimes My Angel
May 30 2005, 04:45 PM
New releases come out often whenever phpBB users find them. It's good that they update so quickly, so people's forums remain safer to use, and in order. I've personally known several people who had their forums hacked. Sometimes it's mods or portals they install. Other times, it's outdated forums. The coders sometimes make mistakes, but they correct it quickly with updates. Two versions I know which had major critical issues due to coding was 2.0.10 and 2.0.12.
Reply
conehead
May 30 2005, 07:31 PM
Yes, I agree, they are on top of things, and I have been a phpbb user for a long time. I'm just waiting for phpbb3 to come out. I can't wait.
Reply
LeAnn Rimes My Angel
May 31 2005, 03:59 PM
At the moment, they're very slow on getting phpBB 3.0.0 (Olympus) out. They did say that phpBB 2.0.x will continue to be supported, even after Olympus comes out. For anyone interested in testing Olympus just to have some idea what it will be like, be sure to check out their site for new hourly updates here: http://area51.phpbb.com/Just a note however, it is still being created, so it's not even in the 'beta' testing stage yet. Use it at your own risk! There is no support for it whatsoever.
Reply
karlo
May 31 2005, 03:37 PM
QUOTE(shigajet @ May 31 2005, 08:58 PM) I have phpbb installed (from Fantastico) but I've yet to update it...then again I haven't had the chance to use it much...if at all. I haven't had the time to do either as of late...maybe sometime over the next few days. Try using wtcBB ... Wonderful script! Try it...
Reply
shigajet
May 31 2005, 12:58 PM
I have phpbb installed (from Fantastico) but I've yet to update it...then again I haven't had the chance to use it much...if at all. I haven't had the time to do either as of late...maybe sometime over the next few days.
Reply
guangdian
May 31 2005, 02:25 AM
i think it's a sort of "security & exploits".hnn what abt phpbb3? i'm waiting for it.i just know that 2.0.15 has get out.to me it's really an long long ago~..
Reply
bureX
May 30 2005, 09:32 PM
Go to... http://area51.phpbb.com/phpBB/...register and discuss about the new features in the "New features discussion" forum. You can also make a feature request if you want: http://sourceforge.net/tracker/?atid=58020...885&func=browse
Reply
Recent Queries:--
phpbbforum3 - 113.97 hr back. (1)
Similar Topics
Keywords : phpbb 15- Hackers Hijack A Half-million Sites: Phpbb Forum Users Must Read
- (8)
- Phpbb Hackers
- LOL (21)
I got an email today: The following is an email sent to you by an administrator of "KORUPTION OWNZ
YOUR S****Y SITE". If this message is spam, contains abusive or other comments you find offensive
please contact the webmaster of the board at the following address: korupted@korupted.com Include
this full email (particularly the headers). Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dear members. Your petty website has been hacked. The hacker's
name is Koruption. Next time dont use a outdated verison of phpbb b***hes So im a bit pissed off
and chec...
Phpbb 2.0.18
- Released on the 31st (12)
To anyone out there using phpBB, the next release has been sent out. Report:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 Download:
http://www.phpbb.com/downloads.php Additional Download for the Changed Files Only:
http://www.phpbb.com/files/releases/change...8_repackage.zip I found an error! One of the
reports was made by myself. Even though it was not a bug, it was about the cosmetic display on the
index page concerning the subSilver template. As people may have noticed, the ''Mark all
forums read'' is displayed before you even...
[exploit] Phpbb <=2.0.12 Vulnerability.
- How to be Admin on phpBB in Simple steps (2)
Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
the forum. Even the admin account is not not secure with the default setup. Click Here for more
details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
PHPbb and click here to download the latest version....
[exploit] Phpbb 2.0.15 "viewtopic.php"
- Remote PHP Code Execution Exploit (3)
phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print
"\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org"
print " well, just because there is none." import sys from urllib2 import Request, urlopen from
urlparse import urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' '
ENDTAG = ' ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += ...
And Again A New Phpbb
- phpBB 2.0.17 (17)
Again got me a nice email from phpBB group...: QUOTE Hi everyone, phpBB Group announces the
release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release
addresses several bugfixes and some low security issues as well as the recently seemingly
wide-spread XSS issue (only affecting Internet Explorer). Please have a look down this announcement
for the code changes necessary to fix the XSS issue, we are again astounded about the energy people
put into finding the smallest issue in phpBB 2.0.x, those must have a lot of time available. ...
Phpbb 2.0.16 Is Out!
- A new version again... (8)
PhpBB, one of the most popular PHP based forums is here out in the form of a new version - 2.0.16. A
few critical issues were corrected, but other than that, nothing special... Still waiting for
Olympus /sad.gif' border='0' style='vertical-align:middle' alt='sad.gif' /> QUOTE Hi
everyone, phpBB Group announces the release of phpBB 2.0.16. This release addresses some bugfixes
and one critical security issue. To fix this, please apply the following change: In viewtopic.php
Find: CODE $message = str_replace('"', '"', substr�...
Phpbb Upload Script "up.php" Arbitrary File Upload
- (0)
To: BugTraq Subject: phpBB Upload Script "up.php" Arbitrary File Upload Date: Apr 8 2005 2:21AM
Author: Status-x Message-ID:
##################################################################### Advisory #1 "phpBB Upload
Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: phr4xz gmail com -
status-x hackersoft net $ Date: 7 April 2005 $ Website: http://defacers.com.mx $
Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor
URL: http://phpbb.com $ Affected Software: phpB...
Bugs Found In Phpbb 2.0.13
- PhpBB 2.0.14 released to fix them (8)
Recently, a few exploits were made for phpBB 2.0.13 (like this one):
http://lists.virus.org/bugtraq-0503/msg00109.html And some bugs were noticed as well (like this
one): http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563 And so, the phpBB team has
released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing
list: QUOTE(phpBB list) Hi everyone, phpBB Group announces the release of phpBB 2.0.14, the "We
know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor
non-critic...
Phpbb Exploit
- (17)
Recently, an exploit has been found out that allows people to use their cookies to gain access to
the ACP. And Firefox assists with it /ohmy.gif' border='0' style='vertical-align:middle'
alt='ohmy.gif' /> ! Basically what happens that is when you visitthe phpBB forum, it logs a
cookie containing your Session ID (Basically who and when you are). What it does, after much
decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to
gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13. Dun dun dunnnnn! B...
Phpbb Exploit
- PhbBB exploits unleashed! (4)
/laugh.gif' border='0' style='vertical-align:middle' alt='laugh.gif' /> hello Oh
!!!!! agian PHPBB exploits & bugs phpbb team must /laugh.gif' border='0'
style='vertical-align:middle' alt='laugh.gif' /> dead check here
http://k-otik.com/exploits/20050228.phpbbsession.c.php /wink.gif' border='0'
style='vertical-align:middle' alt='wink.gif' /> for more security use IPB OR VBULLETIN
/unsure.gif' border='0' style='vertical-align:middle' alt='unsure.gif' /> Thanks Best REgars ,
liridonahm EDIT : PHPBB EXPLOITS, Trap17 is not responsible ...
Looking for phpbb, 2, 0, 15
|
*RANDOM STUFF*
*SIMILAR VIDEOS*
Searching Video's for phpbb, 2, 0, 15
*MORE FROM TRAP17.COM*
|
advertisement
|
|
