Sep 03, 2010 | 06:24 PM  
Welcome

Don't have an account yet? You can create one, it is free, just click here

as a registered user you have some advantages like free downloads, comments and posting on our forums, depending upon this site's configuration and options.

 • •  Control Panel - Register - Login  • • 
Search site | Areafiles | About MDPro | MDPro features | Site map
Current Stable MDPro Lite 1.0821 Download
Welcome
Download MDPro package

Home | News | Releases News | MAXdev News | Support and Security News | Development News | PDA News
Forums
Documentation
MAXdev Community
Latest Comments
  Re: MDForum security fix
Thanks for the fixed! auctions antiques ...
aubreehill
  Re: MDPro 1.083 RC r...
thanks for the realeased! mac to ipod ...
aubreehill
  Re: Security fix for...
i think those black mailers are just jealous of what yo...
aubreehill
Support and security : Security fix's for MDPro 1.0.76 - 21/11/2006
Posted by : TiMax - Tuesday, November 21, 2006
Security

The MAXdev team has been notified of a security issue, the problem was found to be due to directory traversal vulnerability in error.php in MDPro 1.076 and earlier allows remote attackers to include and execute arbitrary local files under certain circumstances via the PNSVlang session variable which is included by error.php.

The patch is available from HERE this affects all versions of MDPro released up until this point.

Many thanks go to Larsneo for his help and collaboration

We strongly recommend all users apply this patch to their sites ASAP, all MDPro 1.0.76 packages have been updated to include this fix as from the 21-Nov-06 07:00 GMT

 

 

 

 





   Printer friendly page  

Hosted by MAX s.o.s.
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest ©2004~2006 MAX s.o.s.
You can syndicate our news using the file backend.php
Terms of use    Privacy policy