On Tue, 2001-09-25 at 10:50, Edd Dumbill wrote:
> I will disclose full details of the exploit on the project web site
> soon, after asking Dan if he's amenable to his report being published.

Dan has confirmed that his exploit will not work on the newest version,
1.01.  He also gave me permission to post his report, which I have done
here: http://phpxmlrpc.sourceforge.net/security/advisory2001-09-25.txt

-- Edd

PGP signature

Reply via email to