They use buggy eval() in their XMLRPC code, which of course causes massive security problems, notably with RSS...

http://www.gulftech.org/?node=research&article_id=00088-07022005
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html


Florent

--
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   [EMAIL PROTECTED]


_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
