Florent Guillaume wrote:
They use buggy eval() in their XMLRPC code, which of course causes
massive security problems, notably with RSS...
http://www.gulftech.org/?node=research&article_id=00088-07022005
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html
Florent
I sincerely hope we are better than they are.
S.
--
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
Web content management / collaborative portal / groupware / open source!
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )