Lisa Bogar([EMAIL PROTECTED])@Wed, Feb 20, 2002 at 04:09:17PM -0700: > > Just trying to find out more information and I am surprised if it is > indeed happening why I haven't seen anything on CERT or bugtraq.
Yeah, this one's real. The ISP I work for had to add an additional note to our customers about it because so many of them had vulnerable scripts. The warning was posted around the 4th or so of February. The part of that notification you'd be interested in is this: "The developers of the script have fixed this problem and a new version 1.9s is available from: http://www.worldwidemart.com/scripts/" The rest of it was just a brief description of the type of vulnerability and a warning that hosted sites that didn't update the script would be temporarily disabled until they were updated. AUPs are so useful like that ... Regards, Ben
msg04045/pgp00000.pgp
Description: PGP signature