Web Hosting Forum | Lunarpages

Author Topic: Exploitable Scripts  (Read 4472 times)

Offline Admin

  • Über Jedi
  • *****
  • Posts: 2530
    • Lunarpages Web Hosting
Exploitable Scripts
« on: March 09, 2005, 10:29:16 AM »
The following is being sent to customers:

Hello,

This is an attempt to notify our customers of exploits occurring on installed scripts.  It is very important that customers who use third party scripts ensure they are using the most secure version in order to protect the integrity of their account.  We highly encourage customers to check their scripts to be sure they are running the most secure versions.

- The Advanced guestbook within CPanel has an exploit.  It is currently being removed as an option in CPanel since there is no secure version available at this time.  Customers using this should remove it from their site immediately.  We will reinstate this option as soon as a stable version is released.  The developers have been contacted regarding this issue.

- The popular forum script, phpBB, has several exploits.  Customers should upgrade to the most secure version which is phpBB 2.0.13.  You can do this by going to http://www.phpbb.com/downloads.php.  The Fantastico version will be updated in CPanel as soon as this is available to us.  For more information on the exploits that are occurring on prior versions, please see the following links:

phpBB v2.0.11 http://seclists.org/lists/bugtraq/2005/Mar/0104.html

phpBB v 2.0.12 http://seclists.org/lists/bugtraq/2005/Mar/0045.html

-Moveable Type has exploits in all versions prior to 3.15.  Please ensure you have upgraded to version 3.15 if using this script.  For more information on the upgrade, please go here:  http://www.sixapart.com/movabletype/news/2005/01/movable_type_315_release.html

-phpCoin will be removed from Fantastico scripts today due to an exploit.  Fantastico does not plan on continuing support of this feature.  For more information on this, see http://secunia.com/advisories/14439/

Please take some time to check to see if you are using any of the listed scripts.  If you are, please remove or upgrade as appropriate.  If you do not use any of the scripts noted, you do not have to take any action on your account.  Thank you for your cooperation and for ensuring we have a stable environment.  If you have any questions regarding this, please contact support@lunarpages.com.

Thank you,
Lunarpages Support

Offline Admin

  • Über Jedi
  • *****
  • Posts: 2530
    • Lunarpages Web Hosting
Exploitable Scripts
« Reply #1 on: March 18, 2005, 02:14:50 PM »
Hello,

This is an attempt to notify our customers of exploits occurring on installed scripts. It is very important that customers who use third party scripts ensure they are using the most secure version in order to protect the integrity of their account. We highly encourage customers to check their scripts to be sure they are running the most secure versions.

- The popular forum script, vbulletin, has several exploits. Customers should upgrade to the most secure version.  All versions of vBulletin prior to 3.0.6 and 2.3.6 are vulnerable. For more information on the exploits that are occurring on prior versions, please see the following:

http://www.vbulletin.com/forum/showthread.php?t=127027

Please take some time to check to see if you are using this script. If you are, please remove the script or upgrade it. If you do not use this script, you do not have to take any action on your account. Thank you for your cooperation and for ensuring we have a stable environment. If you have any questions regarding this, please contact support@lunarpages.com.

Thank you,
Lunarpages Support

 

Share |