Correct, it is only with that plugin. Read this:

http://www.geeklog.net/article.php?story=2003120922482655

--Tony

Dirk Haun wrote:

Jason,


This article worries me a bit:
http://www.securityfocus.com/guest/24043

[...]

The vulnerability discussed allowed me to write arbitrary data to the server's hard disk, run all kinds of shell commands, and get the output back in my browser. Worrying to be sure.


Hmm, I've only skimmed the article yet but my first impression was that
it a) was "only" a problem of the Geeklog/Gallery integration (not of
Geeklog itself) and b) was "only" used to send spam.

I must have missed the bit about writing to the server's hard disk, but I
don't really have the time now to look into it. Can someone confirm if
this is "only" a problem with the Gallery integration?

bye, Dirk




--
+-------------------+--------------------------------------------------+
|Tony Bibbs         |[R]egardless of what you may think of our penal   |
|[EMAIL PROTECTED] |system, the fact is that every man in jail is one |
|                   |less potential fisherman to clutter up your       |
|                   |favorite pool or pond. --Ed Zern                  |
+-------------------+--------------------------------------------------+
