Vulnerability Development mailing list archives
Re: Rumours about Apache 1.3.22 exploits
From: Mike Tone <simpletone () mbox com au>
Date: Tue, 26 Feb 2002 13:15:44 +1100
One quick thing we should get straight... PHP has problems, on the win32 platform (apache 1.3.x)... but on *nix as well?? --snip-from-bugware PHP for windows arbitrary files execution (feb2002) SYSTEMS AFFECTED PHP version 4.1.1 under Windows PHP version 4.0.4 under Windows PROBLEM CompuMe and RootExtractor posted : An attacker can upload innocent looking files (with mp3, txt or gif extensions) through any uploading systems such as WebExplorer (or any other PHP program that has uploading capabilities), and then request PHP to execute it. --snap as for bind issues (i have nfi), blame non-disclosure. --------------------------------------------------------------------- Never lose a fax again, receive faxes to your personal email account! Visit http://www.mbox.com.au/fax
Current thread:
- Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 24)
- Re: Rumours about Apache 1.3.22 exploits nilton . gs . sc (Feb 25)
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- RE: Rumours about Apache 1.3.22 exploits Nico Wieland (Feb 26)
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- Re: Rumours about Apache 1.3.22 exploits H D Moore (Feb 25)
- php update (was Re: Rumours about Apache 1.3.22 exploits) Christopher McCrory (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits Brandon (Feb 25)
- <Possible follow-ups>
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- Re: Rumours about Apache 1.3.22 exploits Mike Tone (Feb 26)
- RE: Rumours about Apache 1.3.22 exploits Spare Cycles (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits Olaf Kirch (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits H D Moore (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits nilton . gs . sc (Feb 25)