phpMyAdmin 4.7.4 SQL injection vulnerability

  • Are you sure about this? Nuxwin stated 1 month ago that he would deliver an update to thecry for testing in the "next week"... but nothing happened.

    Just my humble opinion, but we all are in a crazy terrible time at the moment and maybe Nuxwin is otherwise occupied with serious issues. I don't even want to post this, but as a developer (even though small time) of OSS projects, this stuff takes time and is largely done for zero pay and very little kudos or credit.


    Give the developers the benefit of the doubt, especially now and be patient. Want to really help out? Buy some plugins or donate. I have done both and will continue to do so.

    “Life is all an Elaborate Hoax”

  • Here comes the update part for the Roundcube plugins.

    Use at your own risk - please test in a V-Box before using it!

    feedback welcome!



  • Following error message

    Attachment: Unbenannt.PNG

    my System :

    - Distribution: Debian | Release: 9.13 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3| Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), SpamAssassin (v 2.0.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2)YubiKeyAuth 1.1.0

  • It's shown in the error message: "You have an extra trailing comma". It is a syntax error, a double or missing comma in composer.json.

    Code
    "require": {
        "php": ">=5.4.0",
        ....
        "kolab/tasklist": "dev-master",
        "sabre/vobject": "~3.5.3"
    },
    "require-dev": {
        "phpunit/phpunit": "^4.8.36 || ^5.7.21 || ^6 || ^7 || ^8"
    },

  • Thanks, now the emails are finally displayed again for me.


  • Note: if fail2ban was used with the roundcube filter, a ".log" extension has been added by default:

    Code
    # previous fail2ban logfile path
    /var/www/imscp/gui/public/tools/webmail/logs/errors
    # RC 1.4.4 logfile path
    /var/www/imscp/gui/public/tools/webmail/logs/errors.log

    Code
    nano /var/www/imscp/gui/public/tools/webmail/config/defaults.inc.php
    $config['log_file_ext'] = '.log';
    # or set the previous logfile path
    $config['log_file_ext'] = '';

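The log path change described in the post above can leave a fail2ban jail watching a file Roundcube no longer writes to, which silently disables webmail login banning. The following check is an added example, not part of the original post or of i-MSCP; the function name and its two arguments (the logpath configured in the jail and the Roundcube logs directory) are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: detect a fail2ban logpath left stale by the Roundcube
# log_file_ext change. Both arguments are supplied by the caller.
#
# check_rc_logpath <configured_logpath> <roundcube_logs_dir>
# Prints a verdict and returns:
#   0 = the jail follows the file Roundcube is writing to
#   1 = the jail follows a stale or missing file while the other variant exists
#   2 = neither "errors" nor "errors.log" exists in the directory
check_rc_logpath() {
    configured=$1
    logs_dir=${2%/}                 # tolerate a trailing slash
    old="$logs_dir/errors"          # path used before the upgrade
    new="$logs_dir/errors.log"      # path used by RC 1.4.4 by default

    # The file Roundcube currently writes is the more recently modified one.
    active=""
    if [ -f "$new" ] && [ -f "$old" ]; then
        if [ "$new" -nt "$old" ]; then active=$new; else active=$old; fi
    elif [ -f "$new" ]; then
        active=$new
    elif [ -f "$old" ]; then
        active=$old
    fi

    if [ -z "$active" ]; then
        echo "UNKNOWN: no errors or errors.log in $logs_dir"
        return 2
    fi
    if [ "$configured" = "$active" ]; then
        echo "OK: jail follows $active"
        return 0
    fi
    echo "STALE: jail follows $configured but Roundcube writes $active"
    return 1
}

# Example call with the paths from the post:
# check_rc_logpath /var/www/imscp/gui/public/tools/webmail/logs/errors \
#                  /var/www/imscp/gui/public/tools/webmail/logs
```

A STALE result means either the jail's logpath or `log_file_ext` has to change so that both point at the same file.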

  • Downloaded the latest version without problems as you described, see attachment.



    imscp rouncube 1.4.4.PNG


  • It seems there are issues with larger attachments on the latest RC: attachments larger than 130 kB can no longer be downloaded or viewed, e.g. in the PDF viewer ... The problem occurs with both "Stable version - 1.4.4" and "Old stable - 1.3.11": download of larger attachments is no longer possible, it shows a network error.


    ### edit ###

    seems to be a permission issue in /var/lib/nginx/fastcgi folders

    So I stopped nginx, deleted all folders inside /var/lib/nginx/fastcgi, restarted nginx and restarted the default PHP service ... now it works!


    Code
    nginx error.log
    2020/05/23 15:21:06 [crit] 22674#22674: *20 open() "/var/lib/nginx/fastcgi/5/00/0000000005" failed (13: Permission denied) while reading upstream, client: xxx.xxx.xx.xxx, server: my.domain.tld, request: "GET /webmail/?_task=mail&_mbox=INBOX&_uid=8&_part=1&_action=get&_extwin=1&_framed=1&_mimewarning=1&_embed=1 HTTP/1.1", upstream: "fastcgi://unix:/run/imscp/imscp_panel.sock:", host: "my.domain.tld:8443", referrer: "https://my.domain.tld:8443/webmail/?_task=mail&_mbox=INBOX&_uid=8&_part=1&_action=get&_extwin=1&_preload=1&_framed=1"
    2020/05/23 15:21:06 [crit] 22674#22674: *21 open() "/var/lib/nginx/fastcgi/6/00/0000000006" failed (13: Permission denied) while reading upstream, client: xxx.xxx.xx.xxx, server: my.domain.tld, request: "GET /webmail/?_task=mail&_mbox=INBOX&_uid=8&_part=1&_action=get&_extwin=1&_framed=1&_mimewarning=1&_embed=1 HTTP/1.1", upstream: "fastcgi://unix:/run/imscp/imscp_panel.sock:", host: "my.domain.tld:8443", referrer: "https://my.domain.tld:8443/webmail/?_task=mail&_mbox=INBOX&_uid=8&_part=1&_action=get&_extwin=1&_preload=1&_framed=1"






  • imscp.PNG
