View Full Version : Security advisories for phpAdsNew & blogging software


airdick
2005-07-05, 12:24 AM
I saw this advisory linked over on Slashdot for vulnerabilities in php xml-rpc libraries used in a lot of blogging packages:

http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html

The xml-rpc library in phpAdsNew is also vulnerable:

http://phpadsnew.com/two/nucleus/index.php

The good news is that you can protect phpAdsNew right now by simply deleting or moving a single file if you don't feel comfortable installing the upgrade on your own.

PhoneMistress
2005-07-05, 10:20 AM
Thanks for the heads up.

If you are using WordPress, you need to upgrade to 1.5.1.3 immediately. It is the only version that is not vulnerable.

http://wordpress.org/support/topic/38263

Useless
2005-07-05, 12:43 PM
I just upgraded my phpadsnew this morning, yet I still feel vulnerable, but in an emotional sense, not a server security sense.

ArtWilliams
2005-07-05, 03:40 PM
Thanks UW for the info!

Do you just have to replace that file or all files when you upgrade to the new version?

---art

Useless
2005-07-05, 03:49 PM
> Thanks UW for the info!
>
> Do you just have to replace that file or all files when you upgrade to the new version?
>
> ---art

Thank airdick, not me. ;)

Your best bet is to just upgrade to the newest stable package. Download the new version. Untar or unzip it, back-up your old config.inc.php. Upload the new package to your server allowing it to overwrite all of the old files. Upload the old config.inc.php, which will overwrite the new one you just uploaded. Chmod that config.inc.php to 777. Log in to your phpadsnew control panel and proceed from there. It's quick and painless, just a couple of clicks. When it's complete (like 15-30 seconds later), chmod the config.inc.php back to 644. You're done.
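
The procedure in the post above leaves config.inc.php world-writable until its final chmod step, so a check after the upgrade is worth running. The script below is an added example, not part of the original post or of phpAdsNew; it assumes the install directory is passed as the first argument and that config.inc.php sits at its top level.

```shell
#!/bin/sh
# Added example: post-upgrade permission check for a phpAdsNew install.
# Assumption: the install directory is passed as the first argument and
# holds config.inc.php at its top level, as the post above describes.

# Print every world-writable regular file or directory under DIR.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Return 0 only if config.inc.php exists with mode exactly 644 and
# nothing under DIR is world-writable; otherwise report and return 1.
check_install() {
    dir=$1
    cfg="$dir/config.inc.php"
    status=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING: $cfg" >&2
        return 1
    fi

    # find -perm MODE (no prefix) matches the permission bits exactly.
    if [ -z "$(find "$cfg" -perm 644 -print)" ]; then
        echo "BAD MODE: $cfg is not 644" >&2
        status=1
    fi

    leftovers=$(world_writable "$dir")
    if [ -n "$leftovers" ]; then
        echo "WORLD-WRITABLE:" >&2
        echo "$leftovers" >&2
        status=1
    fi
    return $status
}

# Run only when a directory is given, so the file can also be sourced.
if [ "$#" -ge 1 ]; then
    check_install "$1"
fi
```

A non-zero exit status means the config file was left at a mode other than 644 or that something else in the tree is still world-writable.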

ArtWilliams
2005-07-05, 04:08 PM
> Thank airdick, not me. ;)
>
> Your best bet is to just upgrade to the newest stable package. Download the new version. Untar or unzip it, back-up your old config.inc.php. Upload the new package to your server allowing it to overwrite all of the old files. Upload the old config.inc.php, which will overwrite the new one you just uploaded. Chmod that config.inc.php to 777. Log in to your phpadsnew control panel and proceed from there. It's quick and painless, just a couple of clicks. When it's complete (like 15-30 seconds later), chmod the config.inc.php back to 644. You're done.

Thanks airdick and ... now thanks UW. ---art

natalie
2005-07-05, 09:18 PM
I did the upgrade on phpadsnew and it wasn't hard.. just the db backups I did first were HUGE. hehe the server even locked me out of phpmyadmin for a few minutes lol. I had been putting it off till I read this so thanks guys for pulling my finger out :P