.weblog engine
FAQ :: Search ::  Memberlist ::  Register :: Profile ::  Usergroups ::  Log in
Log in to check your private messages ::  Download Pivot :: Support Pivot | Info
Contributions is support of Pivot are appreciated. Go here for information on how you can help out!
EXPLOIT - Vulnerability in Pivot 1.40.1 - 1.40.5

 
Post new topic   Reply to topic   printer-friendly view    Pivot Support Forum Index -> General Discussion
View previous topic :: View next topic  
Author Message
hansfn
Pivot Team
<b>Pivot Team</b><!-- Developer -->


Joined: 15 May 2004
Posts: 5286
Location: Molde, Norway
PostPosted: Tue Jul 01, 2008 6:45 am    Post subject: EXPLOIT - Vulnerability in Pivot 1.40.1 - 1.40.5 Reply with quote
As reported by Secunia Pivot 1.40.x has a directory traversal vulnerability (or local file inclusion vulnerability if you prefer). Translated to normal language:

An attacker can easily gain access to your username and password hashes.

This means that if your password isn't very good, it will be broken within hours (using for example Rainbow tables).

What should you do?
1) Apply patch/revision 1333. Just follow the "text changed" link and add the lines in the green box into the right location in the function load_template in the file modules/module_parser.php
2) Change your password

This patch will be part of Pivot 1.40.6 which will be released soon, but not soon enough - please apply the patch immediately.

Affected versions: 1.40.1 - 1.40.5

PS! This is no excuse for running older version because they have other well-known vulnerabilities.
_________________
My Pivot bookmarks, snippets and scripts| Pivot Documentation Project: Template tags
Back to top
View user's profile Send private message Send e-mail Yahoo Messenger
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic   printer-friendly view    Pivot Support Forum Index -> General Discussion All times are GMT - 4 Hours
Page 1 of 1
|
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
Your generosity is appreciated!
Gambling News was the last to make a donation
:: go here for sponsorship information ::
Special thanks to our platinum sponsors: Gambling News  
DreamHost

powered by phpBB | RSS Feed