[25046] in bugtraq
Re: (SRADV00006) Remote command execution vulnerabilities in
daemon@ATHENA.MIT.EDU (Dan Kuykendall)
Thu Apr 11 21:18:54 2002
Date: 11 Apr 2002 07:41:10 -0000
Message-ID: <20020411074110.22913.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Dan Kuykendall <dan@kuykendall.org>
To: bugtraq@securityfocus.com
In-Reply-To: <003b01c05f7c$29d6cba0$1400a8c0@homenet>
This was corrected in 0.9.10 and beyond. We now
wipe out any attempts to set post or get vars to
the phpgw_info array and also double check that
none of the include values have http in them.
Seek3r
phpGroupWare Spokesperson
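
Added example, not part of the original message and not phpGroupWare code: a PHP illustration of the two checks the message describes (discarding request-supplied `phpgw_info` keys and rejecting include values that contain `http`), followed by a stricter base-directory check that goes beyond the message. The function names, the sample query string and the use of the script's own directory as the include base are assumptions.

```php
<?php
// Added illustration; not phpGroupWare source. All function names are hypothetical.

// Keys that request input must never be allowed to populate.
const PROTECTED_KEYS = ['phpgw_info'];

// Drop protected keys from a request array (GET, POST or cookie data).
function scrub_request(array $input): array
{
    foreach (PROTECTED_KEYS as $key) {
        unset($input[$key]);
    }
    return $input;
}

// The second check from the message: reject include values containing "http".
function has_remote_scheme(string $path): bool
{
    return stripos($path, 'http') !== false;
}

// Stricter variant (assumption, not from the message): a substring denylist
// misses other stream wrappers, so also resolve the path and require it to
// stay inside one fixed base directory.
function is_safe_include(string $path, string $baseDir): bool
{
    if (has_remote_scheme($path)) {
        return false;
    }
    $base = realpath($baseDir);
    $real = realpath($path);
    if ($base === false || $real === false) {
        return false; // unresolvable paths are rejected
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0;
}

// Constructed sample input: a query string that tries to seed the config array.
parse_str('phpgw_info[x][y]=http://example.invalid/&menuaction=home', $get);
$clean = scrub_request($get);

var_dump(array_key_exists('phpgw_info', $clean));   // key removed from request data?
var_dump(array_key_exists('menuaction', $clean));   // ordinary parameter kept?
var_dump(has_remote_scheme('http://example.invalid/inc'));
var_dump(is_safe_include(__FILE__, __DIR__));       // file inside the base directory
var_dump(is_safe_include('/etc/passwd', __DIR__));  // file outside the base directory
```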