IMPORTANT. Dolphin 6.1.4 Security Patch Release
VictorT
posted 25th of July 2008
in
.
31 comments.
The new 6.1.4 Security patch is released this week! Last week we found one in Dolphin and have been keeping an eye on the whole situation with hacks by checking and gathering information. Everything looked fine until today when we found a new vulnerability in Orca.
This is the XSS vulnerability: Orca allows inserting malicious code into a new topic title.
This is a very easy and quickly applied patch, so please apply this patch using these instructions.
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.
Thank you for jumping on these problems! Again you impress me with your sincerity to provide the community with not only functional but also secure software.
Good Job!
Juker
The patch work fine
thank you for this hard work for make big dolphin script :)
regards
Rawaf
http://www.a7lakalam.com
Warning: main([path_to]inc/header.inc.php): failed to open stream: No such file or directory in /home/jaijine/public_html/periodic/cupid.php on line 21
Fatal error: main(): Failed opening required '[path_to]inc/header.inc.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/jaijine/public_html/periodic/cupid.php on line 21
before this message never used see more
/periodic/cupid.php
Line 21 find: Should say something like:
require_once( '/home/jaijine/public_html/inc/header.inc.php' );
Possibly you don't have the correct path to the file in cupid.php in
this case "[path_to]inc/header.inc.php
You need to make the path_to part the actual path. Which the script
sets itself to during installation.
Sounds like you do not actually have the path set at all. Like I said
I don't know see more
function prepare_to_db(&$s, $iAllowHTML = 1)
{
if ($iAllowHTML){ cleanPost($s);
}
to:
function prepare_to_db(&$s, $iAllowHTML = 1)
{
if ($iAllowHTML){cleanPost($s);}else{strip_tags($s);}
}
This see more
(1) if you have made any id from admin, it will not appear in the general list of members...
(2) Visitors cant see the original size of photos..as the action button even after activating from admin panel, does not show the action menu.....if you are not logged in or you are a visitor...
(3) Alignment problems in pages.....in firefox the photo, video, music pages drift towards the left hand side and in internet explorer the same are not see more
many of issues of this list not issues
6.1.4 have just replacements global $dir to constants, and passing input params from forms to make script more safe, not more
2. photo gallery (share), yes, visitors can`t perform any actions, need login
6. Promo, first, this is not flash, second, recheck also your media\images\promo\original\ folder
7. yes, impossible to put vote by visitors, and it was done many times ago, .. possible even for 6.1.0
All level 1 folders under /orca/ are set to 777.
Same problem with /groups/orca/
Can someone please guide on solving this issue.
/orca/ 777
/orca/cachejs 777
/orca/classes 777
/orca/conf 777
/orca/inc 777
/orca/js 777
/orca/layout 777
/orca/log 777
/orca/xml 777
Are there any further level folders within /orca/ that needs changing permissions?
Fatal error: Call to undefined function: getrayintegrationjs() in /home/triuneit/public_html/inc/admin_design.inc.php on line 324
What is the problem? Any help would be great!
I have 70 active members and on Sunday night 10 members disappeared, on Monday night another 10 members disappeared, on Tuesday I began rebuilding and added 12 new members for a total of 62 and on Tuesday night 25 members disappeared. On Wednesday I removed all of the members except nine from my website and this morning (Thursday) one of the nine is missing.
When I installed the patch 6.1.4 I tried to recompile the language files but for /groups/orca or for /orca I see more
No Password on your site is safe. My member passwords are being bypassed and all membership information is being systematically deleted. I have temporarily changed the status of my remaining existing members to unconfirmed and the hacker cannot see them. Change your memberships to unconfirmed until this hacker attack is eliminated.
I want to give the Boonex team the benefit of the doubt. I think they are working hard to beat down these hackers and see more
I haven't lost any more members since switching the deletion to 0 days. It is a configuration problem and I thank you for pointing out the solution.
God Bless,
Juker
Someone went into my database in past few days and DELETED ALL PUBLIC_HTML content !!!
Which means my website has become totally deleted !!!
Forunatelly, I was able to restore it with the help of my hosting provider, but it is huge BLAM for you guys...!
Since only your Tech Support had all te passwords required for going into my database, I ask you to investigate this case immediatelly and give me an explanation!
Warning: Cannot modify header information - headers already sent by (output started at /home/comunida/public_html/orca/layout/uni_en/params.php:14) in /home/comunida/public_html/orca/inc/util.inc.php on line 36
Warning: Cannot modify header information - headers already sent by (output started at /home/comunida/public_html/orca/layout/uni_en/params.php:14) in /home/comunida/public_html/orca/inc/util.inc.php on line 37
Warning: Cannot modify header information - headers already see more
The last suggestion Boonex gave us is to have your system administrator update the libxsl library on your server. Well we don't have a system administrator and we don't see more