On Tue, September 20, 2011 14:29, Moonwalker wrote: > I don't agree with you. > Not everyone makes regular updates of their systems to match the latest > available version, someone doesn't make updates at all. So the version of > phpMyAdmin may (and surely will in the most cases) differ from the > repository information. > I constantly see various vulnerability scan attempts in the web server > logs coming from around the net, most of the attempts to exploit popular > vulnerable Web applications are performed when attacker knows an exact > version number. > Previously, in earlier phpMA 3.4.x versions, the version number has been > disclosed right in the login page's title, fortunately it was fixed in > time.
These scan attempts you see are fully automated and just try available exploits without regard to any version number that may or may not be present. Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org