Multiple Vulnerabilities in PHP fileupload
Results 1 to 4 of 4

Thread: Multiple Vulnerabilities in PHP fileupload

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    Exclamation Multiple Vulnerabilities in PHP fileupload

    Hi y'all...back from a couple days away....

    full info at:

    http://www.cert.org/advisories/CA-2002-05.html


    Systems Affected
    Web servers running PHP
    Overview
    Multiple vulnerabilities exist in the PHP scripting language. These vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the PHP process.

    I. Description
    PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the php_mime_split function may allow an intruder to execute arbitrary code with the privileges of the web server. For additional details, see

    http://security.e-matters.de/advisories/012002.html
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    410
    It seems as though, we both thought it was important.

    http://www.antionline.com/showthread...hreadid=220635

  3. #3
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    PHP Problems are widespread, and not really new info, but very informativ.....
    Nice post....

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    and not really new info
    actually these ARE new exploits..(since last wednesday anyways....and they are just a wee bit scary.....

    Story Link



    "...Netcraft released its monthly survey of Web sites, indicating that nearly 8.4 million sites were hosted by servers that use a vulnerable version of PHP. One million of those sites are vulnerable to attack, the survey said.

    Based on that data alone, the PHP flaws could be as dangerous as the indexing server ISAPI filter flaw in Microsoft's Internet Information Server that made the Code Red worm possible, said Marc Maiffret, chief hacking officer for network protection company eEye Digital Security"
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides