April 16 2008 · Security
PHPFusion v6.01.14
I'm pleased to announce the availability of PHPFusion v6.01.14. An XSS vulnerability patch is available for v6.…
By Christian
Read More
I'm pleased to announce the availability of PHPFusion v6.01.14. An XSS vulnerability patch is available for v6.…
Updated 15 July 2007: The update mentioned below caused the lost password function to fail. This has now been corrected…
It seems some people have been having trouble with image uploading since the update to v6.01.10. I have…
It has come to our attention that hackers are currently targeting PHPFusion sites that are using a few infusions which…
In the last 48 hours a few XSS exploits have been reported. There are three files affected including edit_profile.php…
In recent days it has been brought to my attention that there may be a possible exploit in the extraction…
The Fusion Server will be going offline sometime within the next 24 to 48 hours while we migrate to a…
It's now become quite obvious that the current messages.php has more holes than I can fix. Therefore I…
It's just cursed, messages.php has yet another security issue (I've lost count now). Well, not to worry…
A new exploit has been revealed by rgod. It allows php files to be uploaded as avatars by allowing multiple…
I was hoping to keep this fix silent until the release of v6.00.400, but it has come to…
With more holes than a domestic sieve, messages.php has had yet another xss exploit discovered and fixed. This script…
Files Updated: I've discovered two potential problems in infusions -> shoutbox_panel -> shoutbox_archive.php and the new news.php script. For…
Following a Secunia advisory (PHPFusion "msg_send" SQL Injection Vulnerability) I have released an updated messages.php script for existing PHPFusion…
Another XSS exploit has been discovered that allows a malicious user to steal your cookie. Thankfully it was rather easy…