[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)
Matt Wood
matt at woodzy.com
Wed Feb 14 00:40:52 EST 2007
=< lt-1.1.5 & lt-1.2_beta
lifetype earlier than 1.0 may not be affected but there are other issues
with that...
On 2/14/07, howard chen <howachen at gmail.com> wrote:
>
> On 2/14/07, Jon Daley <plogworld at jon.limedaley.com> wrote:
> > Good catch Matt. As far as the server getting hosed, it is okay
> > (relatively so) in my case since mysql doesn't allow connections from
> > remote hosts. But, this is an issue particularly for hosts (that's
> > probably pretty much all of them) that allow remote mysql access.
> > I'll have to take a look at these sorts of bugs - Someone made a
> > pass through during 1.0.4-1.0.6 timeframe, but there are presumably
> other
> > ones like this.
> >
>
> hello,
>
> can you confirm which version is affected?
>
> thanks.
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://limedaley.com/pipermail/plog-svn/attachments/20070214/ef1a08b6/attachment.htm
More information about the pLog-svn
mailing list