Full Disclosure mailing list archives
Re: FWD: PhotoPost vBGallery ImportantSecurity Bulletin
From: "php0t" <php0t () zorro hu>
Date: Fri, 11 Jan 2008 17:14:15 +0100
From: "trains" <trains () doctorunix com>
The "AddType" statement for php is normally system-wide, which means the web server will execute php scripts that may be found in the upload directory. This can be fixed multiple ways:
They will just place an .htaccess and do addtype themselves. "php_admin_flag engine off" will probably render most of the issues you mentioned useless in one shot. p. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FWD: PhotoPost vBGallery Important Security Bulletin ad () heapoverflow com (Jan 11)
- Re: FWD: PhotoPost vBGallery Important Security Bulletin trains (Jan 11)
- Re: FWD: PhotoPost vBGallery Important Security Bulletin trains (Jan 11)
- Re: FWD: PhotoPost vBGallery ImportantSecurity Bulletin php0t (Jan 11)
- Re: FWD: PhotoPost vBGallery ImportantSecurity Bulletin trains (Jan 11)
- Re: FWD: PhotoPost vBGallery Important Security Bulletin trains (Jan 11)
- Re: FWD: PhotoPost vBGallery Important Security Bulletin trains (Jan 11)