| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060830093131.20350.qmail@securityfocus.com> Date: 30 Aug 2006 09:31:31 -0000 From: maric_sasa@...oo.com To: bugtraq@...urityfocus.com Subject: Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability This vulnerability is not that dangerous because, firstly, if you want to exploit it, you must have exact file tree and correct name of the malicious script because that variable is never used alone but always in concatanation with script name and generic extension and, secondly, if site has register_globals set to OFF, you cannot use this exploit at all...
Powered by blists - more mailing lists