[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)

Matt Wood matt at woodzy.com
Tue Feb 13 16:31:27 EST 2007


Dev List,

There exists a very serious file disclosure vulnerability within the RSS
engines that allows anyone to read the contents of files considered to be
secure.

I highly suggest that everyone turn off all RSS off at the moment.

I also suppose you will want to let other people know, I don't really have
the time to mess with the forums warning people.

Oscar / Jon, I will contact you separately later tonight as this
vulnerability compromises www.lifetype.net... and I don't really want our
new server to get hosed.

-Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://limedaley.com/pipermail/plog-svn/attachments/20070213/cb17b6b8/attachment.html 


More information about the pLog-svn mailing list