July 06 2007 · Security
Low level XSS Fix (v6.01.11)
Updated 15 July 2007: The update mentioned below caused the lost password function to fail. This has now been corrected…
By Falk
Read More
Updated 15 July 2007: The update mentioned below caused the lost password function to fail. This has now been corrected…
In recent days it has been brought to my attention that there may be a possible exploit in the extraction…
It's with pleasure that we announce the present upgrade package for PHPFusion v7. This package includes two minor vulnerabilities…
It seems some people have been having trouble with image uploading since the update to v6.01.10. I have…
In the last 48 hours a few XSS exploits have been reported. There are three files affected including edit_profile.php…
A new exploit has been revealed by rgod. It allows php files to be uploaded as avatars by allowing multiple…
It's now become quite obvious that the current messages.php has more holes than I can fix. Therefore I…
I was hoping to keep this fix silent until the release of v6.00.400, but it has come to…
Another XSS exploit has been discovered that allows a malicious user to steal your cookie. Thankfully it was rather easy…
Another XSS vulnerability in messages.php has been reported and fixed.PHPFusion 7.00.4 Update - for 7.00.3…
Following a Secunia advisory (PHPFusion "msg_send" SQL Injection Vulnerability) I have released an updated messages.php script for existing PHPFusion…
It has come to our attention that hackers are currently targeting PHPFusion sites that are using a few infusions which…
It's just cursed, messages.php has yet another security issue (I've lost count now). Well, not to worry…
For those of you who did not update to v7 yet, a SQL Injection vulnerability patch is available for v6.…
We are happy to announce that the exploit in messages.php that was reported earlier today is now fixed. Also…