lists.openwall.net - Open Source and information security mailing list archives
Date: 16 May 2006 14:10:36 -0000
From: newsportal@...rian-amrhein.de
To: bugtraq@...urityfocus.com
Subject: Newsportal: code injection vulnerability

Hello,

there is a code injection vulnerability in NewsPortal that could give
everyone the ability to execute php code on the webserver where
newsportal is installed.

This bug should only occur if "register_globals=on" is set in the php.ini.

To remove the problem:
- install the recent version:
  http://florian-amrhein.de/nw/newsportal/download/newsportal-0.37.tar.gz
  (it also removes some minor bugs, and a cross site scripting security hole)
- or delete extras/extras/poll/poll.php

Florian Amrhein.