Client Login 
Community 
Contact Us 
LinkBack URL
About LinkBacksThere is a phpinfo exploit that came out today:
http://securityreason.com/achievement_securityalert/34
Because of this the publically accessible /phpinfo pages from all servers
have been removed untill the fix comes in the next stable release.
Welcome to the JaguarPC Community
Results 1 to 5 of 5
This is a discussion on PHPinfo exploit! in the Open Discussion & Chit-chat forum
There is a phpinfo exploit that came out today:
http://securityreason.com/achievement_securityalert/34
Because of this the publically accessible /phpinfo pages from all servers
have been removed untill ...
-
04-10-2006, 02:02 PM #1Darth Admin (aka Jag)
- Join Date
- Sep 1998
- Posts
- 5,201
PHPinfo exploit!
Greg L. | Chief Executive Officer
JaguarPC.com
Helpful Links
Knowledge Base | Network Status
Need a Manager?
(pm) | (email) David, Customer Service Manager
(pm) | (email) Zach, Community Liason, Sales manager
(pm) | (email) Masood, Chief Technical Officer
(pm) | (email) Les, Chief Operations Officer
-
04-20-2006, 08:32 PM #2Yeah, I know a LOT!
- Join Date
- Mar 2003
- Location
- Arizona Uplands
- Posts
- 10,775
Hey, Chief, how about /perldiver pages?
http://securitytracker.com/alerts/2005/Nov/1015146.htmlDISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.
No Guts, No Story! VinDSL © 2010
-
04-21-2006, 08:04 PM #3Yeah, I know a LOT!
- Join Date
- Mar 2003
- Location
- Arizona Uplands
- Posts
- 10,775
Never mind! I just upgraded to Perl Diver 2.33
http://www.scriptsolutions.com/suppo...vc =1#Post447
That's patches the security problem...
DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.
No Guts, No Story! VinDSL © 2010
-
04-21-2006, 08:07 PM #4Yeah, I know a LOT!
- Join Date
- Mar 2003
- Location
- Arizona Uplands
- Posts
- 10,775
BTW, Snake Charmer 1.3 looks clear! Couldn't find any vulns when I Google'd it...
DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.
No Guts, No Story! VinDSL © 2010
-
04-21-2006, 08:12 PM #5Yeah, I know a LOT!
- Join Date
- Mar 2003
- Location
- Arizona Uplands
- Posts
- 10,775
Um...
CVE is only showing a severity of 1.9 on the phpinfo() exploit.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0996Victim must voluntarily interact with attack mechanism ...
Has this vuln cause a problem, here at JagPC?DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.
No Guts, No Story! VinDSL © 2010
Reply With Quote
Posting Permissions
Get Social:
Copyright © 2011 JaguarPC.com
Bookmarks