An XSS vulnerability has been found by Mohammad Sikkandar Sha in the demo code for WideImage which is used in the File Manager shipped with Geeklog 2.1.0. The File Manager itself has access contr...
https://www.geeklog.net/article.php/file-manager-vulnerability
We have received two reports about security issues that affect Geeklog in both current versions, i.e. 1.8.2 and 2.0.0 (which is not officially out yet, but in release candidate state): High-Tech ...
An SQL injection vulnerability in the EASYFILE PLUGIN has been found and published by a user who calls himself Hellboy (the vulnerability is reported as being in Geeklog, but it really only affec...
https://www.geeklog.net/article.php/easyfile-plugin-sql-injection
Mark Evans informs us that Saif El-Shere reported XSS in the bbcode of the Forum plugin for glFusion. Due to the shared history of the two projects, these XSS issues also exist in the Forum plugin for G...
Geeklog 1.7.1sr1 addresses an XSS in the Configuration admin panel, reported by Aung Khant of the YGN Ethical Hacker Group. Due to the built-in CSRF protection this weakness is somewhat harder to...
You may remember the flurry of security issues that Bookoo of the Nine Situations Group reported for Geeklog in April last year. Well, it looks like we missed one issue in those reports: Geeklog'...
The Forum plugin 2.7.3 addresses a security issue where an XSS was possible in anonymous usernames, reported by Jaloh Smith. To upgrade from version 2.7.2, you only need to replace 3 files: co...
Last week, an exploit was published that allows unauthorized direct uploads to a Geeklog site, using the PHP connector included with FCKeditor. The uploads still have to go through FCKeditor's fi...
Geeklog 1.6.0sr1 and 1.5.2sr5 address the following security issues: Gerendi Sandor Attila reported an XSS in the forms to email a user and to email a story to a friend. The "Mail Story to a Frie...
An advisory has been published, warning about "input sanitization errors" in all current versions of FCKeditor. Unfortunately, the advisory is a bit light on details and so it's not clear whethe...
https://www.geeklog.net/article.php/fckeditor-input-sanitization