Hi,
We will be scanning our servers for the following installations and advising customers to check for regular updates:
joomla 1.5.8 reportedAdvisoryhttp://www.securityfocus.com/archive/1/499295Vendorhttp://www.joomla.org/Please note joomla do not appear to have acknowledged this to date, however we are giving a heads up
phpList < 2.10.8Advisoryhttp://secunia.com/Advisories/33186/Vendor
xoops < 2.3.2b Advisory http://www.securityfocus.com/bid/32685 Vendor http://xoops.org/
MyBB < 1.4.4 Advisory http://www.securityfocus.com/bid/32467 Vendor http://mybboard.net Patch info http://community.mybboard.net/thread-41036.html
Joomla Image Browser 0.1.5 Advisoryhttp://www.securityfocus.com/bid/31458Patch infoAn update is now available from the vendor
Invision Power Board <= 2.3.5Advisoryhttp://www.securityfocus.com/archive/1/495841 Vendorhttp://invisionpower.comPatch infohttp://forums.invisionpower.com/index.php?showtopic=276512
4images gallery all versions lower than 1.7.3 (1.7.6 is the latest)Advisoryhttp://secunia.com/advisories/22349/Vendorhttp://www.4homepages.de/4images/download.php
Postnuke all versions lower than 0.7.6.4Vendorhttp://community.postnuke.com/index.php?name=News&file=article&sid=2787Advisoryhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1591http://secunia.com/advisories/22983/http://secunia.com/advisories/23849/ less critical, no update for this as of yet.
Joomla all versions lower than 1.5.7Vendorhttp://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseView&release_id=6828Advisoryhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1733http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1559http://www.securityfocus.com/bid/28900/info
mambo all versions lower than 4.6.3Vendorhttp://sourceforge.net/projects/mambo/Advisoryhttp://secunia.com/advisories/28670/
wordpress all versions lower than 2.6.5Vendorhttp://wordpress.org/download/Advisoryhttp://www.securityfocus.com/archive/1/498652/30/0/threaded (XSS vulnerability in RSS Feed Generator)
http://www.securityfocus.com/bid/28935http://secunia.com/advisories/28823/http://xiam.menteslibres.org/pages/advisories/wordpress-2-5-salt-cracking-vulnerabilityhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1646http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1304
vBulletinVendorhttp://www.vbulletin.com/ Vulnerable PackagesvBulletin 3.7.2 Patch Level 1.
vBulletin 3.6.10 Patch Level 3.
Older versions are probably affected too, but they were not checked.
Advisoryhttp://www.securityfocus.com/archive/107/308433updates and patch infohttp://www.vbulletin.com/forum/showthread.php?t=282133
You may already have patched your scripts or updated to a non vulnerable version, the scanner will pick out everything less than the latest up to date version and may also pick up current versions in the case where a patch may be required.
I apologize in advance if you receive an erroneous email and thank you for taking care of your account and ensuring your scripts are up to date.
If the tagging is incorrect and persistant, please be sure to contact
support@lunarpages.com and our staff will be happy to help.
The initial scans will email an advisory notice only, please understand that these measures are for the security of your account and server helping to prevent unwanted file inclusions and hacks, whilst ensuring the stability of all accounts.
Thank you in advance for your patience and understanding.
