Hey CMX any chance you can have the VB.org guys send you a list of the exploits and then you can pass them onto another coder who would be willing to at least fix those exploits for this version while you are working on 2.0?
Real good idea. How about CM? At least until 2.0 comes out this will release allot of your stress I'm sure. And keep people happy for now.
Given that the exploits were confirmed to be present in the 1.5.81 file by a member of Staff, advertising the fact that you have it installed on your forums isn't the wisest course of action, IMO.
Given that the exploits were confirmed to be present in the 1.5.81 file by a member of Staff, advertising the fact that you have it installed on your forums isn't the wisest course of action, IMO.
Rofl at that!! I dont think he realises that they can fully crash his site and coz his daily backups are located on the server, they can just delete them. Also having the latest version of vB isnt gona stop them since vB isnt the exploit, vBplaza is!!
Anywho, i speak on behalf of all of us when i say, This sucks.
The "fixed" version has been checked by the staff who examined the original exploits and they have not been found to be fixed. Therefore we have had to remove the new version.
Wouldn't it be safe it the next version that was released was checked my staff first?! :|
If the conversation was true how CMX said that was the fix, and it dosen't fix it ... Interesting.
I'm pretty confident if you disable a couple of the usertitle functions and the PM sending functions in each of the action files and the main functions file this will be safe. I will take the chance. Someone let me know if I am wrong.