Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability

2006-01-31 Thread DanB-FD
Hi,
George A. Theall wrote:
> Is this different from what Phil Dunn reported 2.5 years ago?
> http://www.securityfocus.com/archive/1/329910
Indeed this is no different. My apologies; I didn't do any searching beforehand. I made an assumption! My mistake!
Cheers, Dan.

Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability

2006-01-31 Thread DanB-FD
Hi, Dan B UK wrote: Due to the nature of the issue I am not disclosing the detail of it until the writer of the software has updated it; maybe you could have waited?? A vulnerability that allows privileges of the apache user within the limitations of how much PHP has been locked down. Si

Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability

2006-01-30 Thread George A. Theall
On Tue, Jan 31, 2006 at 12:50:05AM +, Dan B UK wrote:
> Did you even look at the source code for this script? If you had then
> you would see that in the case of register_globals being turned on
> there is a bigger issue to worry about; Remote/Local File Inclusion -
> Server side.
Is this

Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability

2006-01-30 Thread Dan B UK
Hi zeus, Did you even look at the source code for this script? If you had then you would see that in the case of register_globals being turned on there is a bigger issue to worry about; Remote/Local File Inclusion - Server side. I have just managed to examine the source code on a few server

[Full-disclosure] ashnews Cross-Site Scripting Vulnerability

2006-01-30 Thread zeus olimpusklan
Advisory #5
Title: ashnews Cross-Site Scripting Vulnerability
Author: 0o_zeus_o0 and fraude
Contact: [EMAIL PROTECTED]
Website: Elitemexico.org
Date: 30/01/2006
Risk: High
Vendor Url: http://dev.ashwebstu