public marks

PUBLIC MARKS from srcmax with tags sécurité & pligg

29 May 2007 09:00

Security Vulnerability Part 2 - Pligg Forum

I'm very sorry to inform you that the patch I posted the other day created another very serious problem. We have a patch available here and advise you to apply this immediately. If you have not installed the first patch, you don't need to, just install this one. If you did install the first patch, then just replace the login file.

28 May 2007 17:00

Serious Vulnerability Found in Pligg; Fix Available

A very serious security vulnerability has just been found in all versions of Pligg, the most popular way to “build your own Digg”. The vulnerability allows a complete site takeover by a malicious hacker - if you are using Pligg, it’s critical that you make use of the fix immediately.

SecurityFocus

To reinitialize a forgotten password, Pligg follows a classic process. A confirmation code is generated and sent by email to the mailbox of the user concerned. The user has to follow the link containing the confirmation code, and if the confirmation code is checked successfully, the password is reinitialized to a pre-defined value.

Hacking Pligg 9.5 beta - Exploit - Life, Hacks, and Internet

Pligg Forum members have been notified about it via e-mail this morning. Most Pligg webmasters haven’t signed up for the forum :(. All Pligg websites I tried were vulnerable to this exploit. There is no commercial value for me, so don’t worry, administrators have been notified that it’s time to patch.