Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Simple Machines Forum <=1.1RC2 unset() vulnerabilities
Aug 22 2006 05:15PM
rgod autistici org
---------Simple Machines Forum <=1.1RC2 unset() vulnerabilities-----------------
------------------------------------------------------------------------
--------
software site: http://www.simplemachines.org/
the recently discovered Zend_Hash_Del_Key_Or_Index PHP vulnerability allows
users to include arbitrary files from local resources (on Windows boxes)
and to lock topics, poc for both:
http://retrogod.altervista.org/smf_11rc2_local_incl.html
http://retrogod.altervista.org/smf_11rc2_lock.html
an interesting reading:
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerabilit
y.html
SMF team released 1.0.8 and 1.1.rc3 versions to patch theese issues
------------------------------------------------------------------------
--------
rgod
site: http://retrogod.altervista.org
mail: rgod at autistici.org
------------------------------------------------------------------------
--------
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
------------------------------------------------------------------------
--------
software site: http://www.simplemachines.org/
the recently discovered Zend_Hash_Del_Key_Or_Index PHP vulnerability allows
users to include arbitrary files from local resources (on Windows boxes)
and to lock topics, poc for both:
http://retrogod.altervista.org/smf_11rc2_local_incl.html
http://retrogod.altervista.org/smf_11rc2_lock.html
an interesting reading:
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerabilit
y.html
SMF team released 1.0.8 and 1.1.rc3 versions to patch theese issues
------------------------------------------------------------------------
--------
rgod
site: http://retrogod.altervista.org
mail: rgod at autistici.org
------------------------------------------------------------------------
--------
[ reply ]