Comments on: Yet More Security Vulnerabilities Found In Pligg V9.9.0 http://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/ Latest News and Information for social CMS systems Thu, 31 Dec 2009 16:02:17 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Tiarandahttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2677 Tiaranda Fri, 15 Aug 2008 16:02:31 +0000 http://socialcmsbuzz.com/?p=493#comment-2677 "Shame on GulfTech Security to post in the wild. Never EVER do business with them."What an ignorant statement, have you ever even dealt with them? GulfTech do great work, and are simply amazing compared to the company that we had reviewing our products before.If anything, people should be cautious of a software vendor who does not care enough about their products (or their users) to have them professionally secured.On another note, as a long time Pligg user I am definitely switching to YaDC since they are actually the project that secured Pligg when all these vulnerabilities were found. I still can't believe Yankidank and Co. ganked the fixes from YaDC without even giving due credit :-\ Maybe he should call himself Yankigank lol “Shame on GulfTech Security to post in the wild. Never EVER do business with them.”

What an ignorant statement, have you ever even dealt with them? GulfTech do great work, and are simply amazing compared to the company that we had reviewing our products before.

If anything, people should be cautious of a software vendor who does not care enough about their products (or their users) to have them professionally secured.

On another note, as a long time Pligg user I am definitely switching to YaDC since they are actually the project that secured Pligg when all these vulnerabilities were found. I still can’t believe Yankidank and Co. ganked the fixes from YaDC without even giving due credit :-\ Maybe he should call himself Yankigank lol

]]> By: meneame.nethttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2542 meneame.net Fri, 01 Aug 2008 01:46:18 +0000 http://socialcmsbuzz.com/?p=493#comment-2542 <strong>Encontrados dos agujeros de seguridad en pligg...</strong>Hace dos días, se hicieron públicos un par de agujeros de seguridad en pligg, un fork de meneame, dichos agujeros permitirían ejecutar código sql arbitrario en la base de datos, código javascript arbitrario en el contexto de la web, y código php ... Encontrados dos agujeros de seguridad en pligg…

Hace dos días, se hicieron públicos un par de agujeros de seguridad en pligg, un fork de meneame, dichos agujeros permitirían ejecutar código sql arbitrario en la base de datos, código javascript arbitrario en el contexto de la web, y código php …

]]> By: Vulnerabilitate Pligg | PCNewshttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2533 Vulnerabilitate Pligg | PCNews Thu, 31 Jul 2008 20:56:51 +0000 http://socialcmsbuzz.com/?p=493#comment-2533 [...] Toate site-urile care folosesc Pligg sunt in pericol deoarece o serie de vulnerabilitati au fost publicate pe Internet. [...] [...] Toate site-urile care folosesc Pligg sunt in pericol deoarece o serie de vulnerabilitati au fost publicate pe Internet. [...]

]]> By: stephanhttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2532 stephan Thu, 31 Jul 2008 20:39:42 +0000 http://socialcmsbuzz.com/?p=493#comment-2532 "Generally any serious or professional IT security team would never allow this information to be public."Since when do IT Security teams not release their findings publicly? It is what they do! (everyone from symantec to secunia do this, duh) I think it is safe for you to take off your tin foil hat now. lol Also, I don't think he stole the information either as I found out about it here after I was hacked.http://www.securityfocus.com/bid/30458/discussSince the Pligg developers seem to be a bunch of slackers I wanted details of the vulnerabilities so that I could fix them myself and get my site back up.On a more serious note I hope these issues are fixed soon. My webhost temporarily suspended my account cause my Pligg was used to send spam after it was hacked :( “Generally any serious or professional IT security team would never allow this information to be public.”

Since when do IT Security teams not release their findings publicly? It is what they do! (everyone from symantec to secunia do this, duh) I think it is safe for you to take off your tin foil hat now. lol Also, I don’t think he stole the information either as I found out about it here after I was hacked.

http://www.securityfocus.com/bid/30458/discuss

Since the Pligg developers seem to be a bunch of slackers I wanted details of the vulnerabilities so that I could fix them myself and get my site back up.

On a more serious note I hope these issues are fixed soon. My webhost temporarily suspended my account cause my Pligg was used to send spam after it was hacked :(

]]> By: amuzihqzihttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2531 amuzihqzi Thu, 31 Jul 2008 19:06:59 +0000 http://socialcmsbuzz.com/?p=493#comment-2531 Shame on socialcmsbuzz telling people how to exploit a pliqq. Shame on GulfTech Security to post in the wild. Never EVER do business with them. Shame on socialcmsbuzz telling people how to exploit a pliqq. Shame on GulfTech Security to post in the wild. Never EVER do business with them.

]]> By: petehttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2530 pete Thu, 31 Jul 2008 18:24:54 +0000 http://socialcmsbuzz.com/?p=493#comment-2530 You released a version of Pligg. Where are your security fixes? I guess you are just waiting until Pligg release theirs so you can add them to your version and take all the credit?I'm also surprised that James Bercegay of GulfTech Security Research Team would allow you to publicly post post his findings.. I guess that's how they do business. Generally any serious or professional IT security team would never allow this information to be public. So only 2 conclusions can be drawn. You illegally published his findings, or GulfTech is a scam looking to exploit money from Pligg. Either way it's bad news all around. You released a version of Pligg. Where are your security fixes? I guess you are just waiting until Pligg release theirs so you can add them to your version and take all the credit?

I’m also surprised that James Bercegay of GulfTech Security Research Team would allow you to publicly post post his findings.. I guess that’s how they do business. Generally any serious or professional IT security team would never allow this information to be public. So only 2 conclusions can be drawn. You illegally published his findings, or GulfTech is a scam looking to exploit money from Pligg. Either way it’s bad news all around.

]]> By: Vote for this article at blogengage.comhttp://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/comment-page-1/#comment-2529 Vote for this article at blogengage.com Thu, 31 Jul 2008 15:58:01 +0000 http://socialcmsbuzz.com/?p=493#comment-2529 <strong>Yet More Security Vulnerabilities Found In Pligg V9.9.0...</strong>On Tuesday of this week we alerted Pligg based CMS users to a Remote SQL Injection Vulnerability that was present within the story.php. This issue is caused by an input validation error in the "story.php" script when processing the "id" parameter. ... Yet More Security Vulnerabilities Found In Pligg V9.9.0…

On Tuesday of this week we alerted Pligg based CMS users to a Remote SQL Injection Vulnerability that was present within the story.php. This issue is caused by an input validation error in the “story.php” script when processing the “id” parameter. …

]]>