As of 5/20/2008 at 9:47PM US Central Time, the PowerDNN Engineering Team, as lead by Mr. Tony Valenti and Mr. Joseph Ravioli, discovered two Hyper-Critical security flaws in the standard DotNetNuke Framework. If left unpatched, these security flaws would allow any website visitor to alter your web.config file as well as remotely execute SQL scripts against your database. Since last night, the entire PowerDNN engineering team has been working around the clock to create patches for all affected versions of DotNetNuke.
As of 7:42PM US Central Time, these patches have been created and deployed to all PowerDNN customers.
Over the next couple weeks, we will be gradually releasing more details to the general community. We realize that because of the large number of people running un-patched, standard versions of DotNetNuke, it is especially important for us to approach this issue in a sensitive and confidential manner. To aide with this, an online DotNetNuke Website Scanner is now available from the PowerDNN Security Scanner.
Buck Anderson's DotNetNuke Training, Video Training, and Internet Marketing Resource Center DNNprofessor.com. Free tips to
improve your business with DotNetNuke, XMod, website design techniques, and proven
unconventional Internet Marketing Solutions that attract the attention of today's
savvy Internet buyer at DNNprofessor.com. © 2008 Jive Media Group LLC and Buck Anderson.
All Rights Reserved. Reproduction without permission prohibited.
If you found this article of value, help us spread the word by recommending it to your favorite social bookmarking site.
 digg it! |  bookmark del.icio.us |
 Submit to Reddit |  stumbleupon
|