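Peace be upon you,
I wanted to let you know that anyone who has installed the topics script, or any 4images script, is exposed to compromise if they have not upgraded to version 1.7.7, because it contains many security patches over 1.7.6, and a notice about this has been issued. Source: the company's website: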
http://www.4homepages.de/forum/index.php?topic=24794.0
Re: 4images 1.7.7
« Reply #1 on: May 14, 2009, 08:57:00 AM »
=========================================================
ChangeLog Version 1.7.7
=========================================================
- Security fix for local inclusion vulnerability (http://www.4homepages.de/forum/index.php?topic=24526.0)
- Security Fix for XSS issue in member.php
- Fixed issue for search stop in english language (http://www.4homepages.de/forum/index.php?topic=24453.0)
- Fixed issue for accepting blank new password when changing password (http://www.4homepages.de/forum/index.php?topic=24503.0)
- Fixed incorrect text in additional fields in register.php (http://www.4homepages.de/forum/index.php?topic=19206.0)
- Fix for redirects on sites with non-standard port (http://www.4homepages.de/forum/index.php?topic=23081.0)
- Fix for losing IPTC data if converting images with ImageMagick
- Fixed issue with wrong Administrator joindate after installation of 4images
- Fixed issue Comments count not updated after user was deleted (http://www.4homepages.de/forum/index.php?topic=22606.0)
- Fix for additional user fields not being used for guests (http://www.4homepages.de/forum/index.php?topic=22727.0)
- Fix issue in top.php if the name of an image is an URL
- Fix for wrong message in ACP if image was not deleted from database (http://www.4homepages.de/forum/index.php?topic=23392.0)
- Fix for issue that redirects after login always to index.php (http://www.4homepages.de/forum/index.php?topic=22950)
- Fixed issue if users submits a non existing email address in the password forgotten form
- Fixed width of columns in detailed view (detail, EXIF, IPTC)
- Change of the displayed error information if the MySQL connection does not work
- Change from POST to GET in category dropdown
- Changed in header.html template for being W3C valid
- Added favicon
- Added thumbnails to RSS-feed
- Added feature to sort categories
- Added more conditional tags (categories, details,index, member, postcards, register, search, top) for using {if index}...{if index} for homepage, {if details}...{endif details} for details.php page, etc.
- Added META-Tags in header.html template: robots, description, keywords, revisit-after, imagetoolbar.
- Added spanish language pack by default
- Added 2 new templates: 960 pixel width, 100 % width
And most of them are security vulnerabilities, and SQL injection - XSS.
If you would like us to do the upgrade for you, see the offer link:
http://www.traidnt.net/vb/showthread...1#post11492653
Reading the customers' replies is enough.
If you liked the thread, you can rate it and reply.
Thanks to everyone who replied, even with a single word or a rating.