• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sympoll File Disclosure Vulnerability

Sympoll 1.2 is prone to an issue which may allow remote attackers to disclose the contents of arbitrary webserver readable files. This vulnerability is only present on hosts which are running the vulnerable version of the software and have the PHP 'register_globals' directive enabled. The source of this vulnerability is reported to be insufficient integrity checking of variables.