- April 23, 2024, 08:20:39 am
- Welcome, Guest
News:
CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE
1
cpg1.3.x Support / HOTFIX for Apache's RAR/PHP Vulnerability - IMPORTANT!
« by Paver on June 11, 2006, 07:00:56 am »...... breach, the current one being the "Apache RAR Exploit". Your Coppermine gallery and any other ............ about it here: Coppermine-driven galleries hit by RAR exploit Coppermine 1.4.6 was the first release ............ release CPG1.4.6 protects against Apache's .rar vulnerability You are strongly recommended to ............ of your gallery to the currently popular "RAR Exploit", which allows someone to inject code ......
2
cpg1.4 miscellaneous / Re: xxx.php.rar exploit question
« by Joachim Müller on October 01, 2006, 03:06:11 pm »...... on the existing threads that deal with the rar exploit and the fixes, the fix we created should ......
3
cpg1.4 miscellaneous / Re: *.php.rar = big problem
« by Joachim Müller on August 01, 2006, 10:41:06 pm »...... any files matching the pattern xxx.php or xxx.php.rar inside the albums folder (there might be some ......
4
cpg1.4 miscellaneous / Re: How bad is the file ly_php.rar
« by Joachim Müller on September 20, 2007, 09:36:03 am »...... of coppermine. The original file was named ly.php.rar (notice the dot), which would have posed a risk ......
5
cpg1.4.x Español (Spanish) / Re: Instalo, todo da correcto pero sale todo en blanco....
« by XiCuLiN on January 18, 2010, 08:04:22 pm »...... los rar.... si tienes el winrar, este compresor/ ............ , además de la extensión .rar, reconoce más, como .zip .arj .cab .gzip ... y a ............ , solo veo "Archivo WinR..." (de Archivo WinRAR), pero si la amplio un poco, en los zip, me pone " ............ WinRAR ZIP". Desconozco si puede venir por ahí el mal ............ ón, es que desactives la opción del windows "mostrar extensiones para archivos conocidos", y así verás ......
...... rather, a misdocumented feature). The so-called "rar"-explot has been taken care of some time ago. ............ in the thread "Coppermine-driven galleries hit by RAR exploit" and "Maintenance release CPG1.4.6 ............ against Apache's .rar vulnerability" ......
7
cpg1.4 upload / Re: 1.4.5, still hit by rar exploit
« by Joachim Müller on May 09, 2006, 08:00:25 am »...... in a way that doesn't allow PHP files to pose as rar files - files having the rar extension are not ............ does not affect the capability of users to upload rar files, so there's little use in changing it from " ............ release that patches security issues is not the rar vulnerability, but the imei bug that allows a ......
8
cpg1.4 miscellaneous / Re: How do I change the display of zip or rar?
« by cpmbr on October 12, 2009, 06:31:13 pm »...... . I wonder if there is any way to send a zip or rar file with the image file (jpg / gif / png) to ......
9
cpg1.4 miscellaneous / Re: Someone tried to hack myserver by uploading php.rar file
« by DoctorMason on November 19, 2007, 10:22:58 pm »...... March 12, 2006, 09:26:28 pm If you don't need .rar files uploaded then disallow them in config or ......
10
cpg1.3 Permissions & Access Rights / Cannot delete .rar and .zip files!
« by jodest3 on July 07, 2006, 10:34:53 pm »11
cpg1.4 permissions / Re: ly.php.rar fkn HACKED!!!
« by Joachim Müller on May 15, 2006, 02:40:58 pm »...... here: Coppermine-driven galleries hit by RAR exploit You're just doing what you're not ......
12
cpg1.5 theme contributions / Re: DaMysterious Theme contributions for cpg1.5.x
« by Αndré on March 08, 2012, 03:11:46 pm »...... are affected: Quote cpg1.5.x_theme_dm_anabolica.rar cpg1.5.x_theme_dm_anime.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_blue_tatoo.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_coppersheet.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_finalfantasy.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_graphix.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_halloween.rar cpg1.5. ............ .rar cpg1.5.x_theme_dm_lovewave.rar cpg1.5. ............ .rar ......
13
cpg1.4.x Français (French) / Re: Attention : nouvel registration d'un certain "lamumu"
« by Pascal YAP on November 16, 2007, 03:01:15 pm »...... faut-il être sot pour cliquer sur un fichier *.RAR d'origine inconnue ! ......
14
cpg1.4 miscellaneous / Re: Need to delete files placed in by a hacker
« by kegobeer on May 16, 2006, 09:04:17 pm »...... , tell your host to fix their server - rar files should not be parsed as php files. Second, ............ rar files from being uploaded. You can do this in ......
15
cpg1.3 Upload / Re: problems adding mp3,avi,midi... to album
« by Joachim Müller on May 23, 2005, 09:54:08 am »...... /ra/rm/tiff/tif/doc/txt/rtf/pdf/xls/pps/ppt/zip/rar/gz/mdb", as most of those extensions are not ............ that actually can be processed by the image library you use (GD or ImageMagick). Try setting " ......
16
cpg1.4.x Français (French) / Re: Version 1.4.6 de Coppermine disponible
« by Pascal YAP on May 21, 2006, 10:11:40 pm »...... (images, sons, txt, archives ZIP ou TAR.GZ RAR etc) Les Galeries qui ne possèdent qu'un seul ......
17
General discussion (no support!) / Possible Security Alert - Heads Up For This IP:74.64.51.226
« by Aeronautic on June 29, 2006, 12:09:05 am »...... this search: Search Link Those results reveal rar file uploads associated with that IP. I'm ......
...... Your Upload You Only Had A Pic As Your zip/rar File To Click On To Download . Not 2 Pics Of Your ............ /rar And The Pic You Uploaded With It. Now Im Running ............ /upload.php\">Click Here And Go Upload Your zip/rar file</a>"; And This 10001 echo "<meta ............ /upload.php\">Click Here And Go Upload Your zip/rar file</a>"; exit(); } ......
19
Announcements / Re: Maintenance release CPG1.4.6 protects against Apache's .rar vulnerability
« by Paver on June 09, 2006, 11:27:43 pm »...... version, it's also about protecting against the .rar vulnerability. 2. The "hotfix" doesn't apply to 1. ......
20
Announcements / Re: Coppermine-driven galleries hit by RAR exploit
« by AndrewRH on December 01, 2006, 11:47:21 am »...... 're correct in stating that files with the .php.rar extension are >parsed as PHP files, and that your ......
21
General discussion (no support!) / ly.php.rar & smekerie.php.rar uploaded to multiple coppermine based sites.
« by mike5751 on September 01, 2006, 09:00:27 pm »...... a European country uploaded a file called “ly.php.rar” and "smekerie.php.rar". They each joined as a ......
...... have had a few users uploading rar files to one of my galleries. Not sure if they're ......
23
General discussion (no support!) / Xendar.zip and a.php.rar by broscuta
« by bluesatsuma on August 11, 2006, 04:20:10 pm »...... the xender.zip but can seem delete the a.php.rar file. I also did a serch for xender.zip on google ......
...... a plugin that when the admin or user upload a zip/rar/gz file full of images it extracts it ......
25
cpg1.4 upload / Re: sanyo_php.rar - Coppermine Exploit ??????
« by derperle on October 29, 2006, 10:51:45 pm »...... File in my Gallery. Now i forbid tho upload of rar files But is there any danger for my gallery??? ......
26
cpg1.4 miscellaneous / mod cpg to upload zip/rar files instead of multimedia files
« by attila81 on April 02, 2007, 02:55:11 pm »...... plugin to use cpg on that way? I'd like to upload rar or zip files instead of multimedia ones, so the ......
27
cpg1.4 miscellaneous / Plugin for RAR or Zip Download
« by netfloh on January 03, 2007, 02:35:33 pm »...... the users can download all fotos of an album as RAR or ZIP? thx for answers flo ps i wish you a ......
28
cpg1.4 upload / Re: Vulnerability? Had shell uploaded through upload.php
« by SickFinga on June 17, 2006, 11:59:59 am »...... I just tried to rename the shell to is.php.rar and upload it. Coppermine changed the file name ............ is_php.rar So I guess fix does works. Sorry for the false ......
...... were right. I uploaded a test "php.rar" and after run it, I can read "Oops, my webserver ......
...... they would be able to hack uploading a file in a .rar why dont you download the .rar nd paste the code ......