AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 07:58:33 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5355 Members
Latest Member: J K Brown
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  PostNuke  |  Topic: PostNuke Remote Code Injection via xml rpc 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: PostNuke Remote Code Injection via xml rpc  (Read 818 times)
Brad
SysAdmin
Tech Team
Hero Member
********
Offline Offline

Posts: 391



View Profile
PostNuke Remote Code Injection via xml rpc
« on: July 06, 2005, 11:53:58 PM »
The PostNuke CMS Development Team was notified about a security issue within the current .750 stable package and the .760 development tree.

VULNERABILTIES
- remote code injection via xml rpc library

SOLUTION
It is recommended that all admins deactivate and remove the 'xmlrpc' module within administration-modules and additionaly remove /xmlrpc.php and and the /modules/xmlrpc folder completly from the filesystem.
The PostNuke CMS Development Team highly recommends to *not* use the xml rpc library until the maintainers [1] provide a secure solution. Once an updated version is available a modularized version will be provided for download as an additional module.
Note: The upcoming .760 release will not contain the xml rpc library.
Logged
Mambo Hosting Resources
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  PostNuke  |  Topic: PostNuke Remote Code Injection via xml rpc « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!