Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare

From: Dan Kuykendall (danat_private)
Date: Thu Apr 11 2002 - 00:41:10 PDT

    In-Reply-To: <003b01c05f7c$29d6cba0$1400a8c0@homenet>
    
    This was corrected in 0.9.10 and beyond. We now 
    wipe out any attempts to set post or get vars to 
    the phpgw_info array and also double check that 
    none of the include values have http in them.
    
    Seek3r
    phpGroupWare Spokesperson
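
The two checks described in the message above, sketched in PHP as an added example. This is not phpGroupWare's 0.9.10 code: the function names, the `example_include_dir` key and the sample values are constructed. The third function is an assumption beyond the message, a stricter allowlist that accepts only paths resolving under a fixed base directory.

```php
<?php
// Added illustration, not phpGroupWare source. All names below are hypothetical.

// Check 1: drop any request parameter that would populate the protected array.
function scrub_request(array $vars, string $protected = 'phpgw_info'): array
{
    unset($vars[$protected]);
    return $vars;
}

// Check 2 (as described in the message): flag include values containing "http".
function has_http(string $value): bool
{
    return stripos($value, 'http') !== false;
}

// Stricter variant (assumption, not from the message): accept only files that
// exist and resolve inside a fixed base directory.
function resolve_include(string $base, string $relative): ?string
{
    $baseReal = realpath($base);
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($baseReal === false || $target === false) {
        return null;
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed request: one ordinary parameter, one aimed at the protected array.
$get = [
    'page' => 'home',
    'phpgw_info' => ['server' => ['example_include_dir' => 'http://attacker.example/inc']],
];
$clean = scrub_request($get);
var_dump(array_keys($clean));
var_dump(has_http('http://attacker.example/inc'));
var_dump(has_http('/srv/app/inc'));

// Constructed include directory holding one legitimate file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($base);
touch($base . DIRECTORY_SEPARATOR . 'functions.inc.php');
var_dump(resolve_include($base, 'functions.inc.php'));
var_dump(resolve_include($base, 'http://attacker.example/x.php'));
unlink($base . DIRECTORY_SEPARATOR . 'functions.inc.php');
rmdir($base);
```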
    


