Thanks, I went ahead and upgraded my server, even though it is a pain in the $%@!
Thanks for pointing this out! On Friday 01 March 2002 07:13 pm, you wrote: > Jeff, there's a description of it here: > > http://security.e-matters.de/advisories/012002.html > > At 10:35 AM 2/28/02 -0500, you wrote: > >Gregg, > > > >What was the vulnerability? I allow people to upload and download via > >PHP scripts on my web site, and probably should tighten up my security... > > > >-Jeff > > > >On Thu, 28 Feb 2002, Gregg Kemp wrote: > > > Hi all, > > > > > > I have temporarily disabled the ability to upload a file to the list's > > > > "upload" gallery. You can still view everything ok, but you just want be > > able to upload any new images for a while. > > > > > I learned today of a bug in the scripting language I use for the > > > > uploads that makes the Pinhole Visions web site vulnerable to hackers > > through file uploads. There is a fix for this bug, but the fix will > > require some time to implement. I hope to have this fixed this weekend, > > if possible. > > > > > Thanks, > > > > > > Gregg > > > > > > _______________________________________________ > > > Post to the list as PLAIN TEXT only - no HTML > > > Pinhole-Discussion mailing list > > > Pinhole-Discussion@p at ??????? > > > unsubscribe or change your account at > > > http://www.???????/discussion/ > > > >_______________________________________________ > >Post to the list as PLAIN TEXT only - no HTML > >Pinhole-Discussion mailing list > >Pinhole-Discussion@p at ??????? > >unsubscribe or change your account at > >http://www.???????/discussion/ > > _____________________________________________________ > Pinhole Visions at http://www.??????? > Worldwide Pinhole Photograhy Day at http://www.pinholeday.org > > > _______________________________________________ > Post to the list as PLAIN TEXT only - no HTML > Pinhole-Discussion mailing list > Pinhole-Discussion@p at ??????? > unsubscribe or change your account at > http://www.???????/discussion/