
News

Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates

  • Monday, January 26 2004 @ 02:50 pm EST
Security

These releases address the following security issues:
  1. It was possible for users in the Group Admin and User Admin groups to become a member of the Root group (reported by Samuel M. Stone, bug #135).
  2. Being admin for a certain area (e.g. Story Admin for stories) made it possible to delete all objects in that area (e.g. stories) even if the user was not supposed to have access to them, provided the id of the object was known.
  3. It was possible to delete other people's personal events if you knew the event ID.
  4. It was possible to browse through the comments of a story even if the user did not have access to the actual story (reported by Peter Roozemaal).
  5. Due to an XSS issue, it was possible to change someone's account settings (including the password) if you got them to click on a specially crafted link (reported by Jelmer, fix suggested by Vincent Furia).
  6. The comment display suffered from the possibility of an SQL injection (reported by Jelmer).
  7. It was possible to inject JavaScript code into the calendar (reported by Jelmer).
  8. It was possible to execute (but not save) JavaScript code in the comment preview (reported by Jelmer).

As usual, there's an upgrade and complete tarball for 1.3.8-1sr4. The 1.3.7sr5 upgrade is only available as an upgrade tarball and requires 1.3.7sr4.

Axonz 3.2 CSS Theme (Red) UPDATED

  • Monday, December 29 2003 @ 10:53 pm EST
Announcements

Updated just in time for the new year! - Version 3.2!

Boasting great new images and stronger, more robust CSS, this version is a must-download for Axonz series users. Also included is a template image for your own site logo!

Grab the theme from: Axonz.com ...or right here on GeekLog.net!
