On Tue, 2001-09-25 at 10:50, Edd Dumbill wrote:
> I will disclose full details of the exploit on the project web site
> soon, after asking Dan if he's amenable to his report being published.
Dan has confirmed that his exploit will not work on the newest version,
1.01. He also gave me permission
Thanks, guys. phpgroupware has now been updated as well, fwiw.
Edd Dumbill wrote:
>
> All releases up to and including version 1.0 of XML-RPC for PHP have a
> serious security vulnerability, allowing hostile remote clients or
> servers to execute arbitrary code on your machine.
>
> It is of cr
All releases up to and including version 1.0 of XML-RPC for PHP have a
serious security vulnerability, allowing hostile remote clients or
servers to execute arbitrary code on your machine.
It is of critical importance that if you run an XML-RPC server or client
using the XML-RPC for PHP code that