There is an XSS vulnerability in PHP that affects some stable webapps. Details can be found here: http://www.php-security.org/MOPB/MOPB-08-2007.html
I know this affects phpWebSite since there is a phpinfo file in setup.
This will be removed upstream. All other apps need checked as well. I'm
running PHP Version 5.1.6-pl6-gentoo on my laptop right now and the XSS
attack works quite well. Not sure who maintains anything with regard to
webapps nowadays. I've come up with no response to several inquiries.
Figured everyone on the list would like to secure their servers in the
meanwhile.
Wendall
--
Only wimps use tape backup: _real_ men just upload their important stuff
on ftp, and let the rest of the world mirror it ;)
-- Linus Torvalds
signature.asc
Description: This is a digitally signed message part
