phpBB worm FUD

Dieren, the Netherlands

Friday, December 24th 2004, 12:07 CET

Everybody who thinks that the Santy.A worm uses one of the security problems addressed in PHP's latest bugfix releases is wrong. It was NOT due to any bug in PHP, but merely a badly checked input variable which was passed to preg with the /e modifier. Besides this, phpBB is also vulnarable for some of the things address by PHP's new releases. But they are wrong saying that it is not their fault. Not-checked usage of serialized data is still their problem. Short version: use FUDforum .

Shortlink

This article has a short URL available: http://drck.me/phpbb-worm-fud-3hp

Comments

No comments yet

Add Comment

Name:
Email:	Will not be posted. Please leave empty instead of filling in garbage though!
Comment:	Please follow the reStructured Text format. Do not use the comment form to report issues in software, use the relevant issue tracker. I will not answer them here.
	All comments are moderated

Life Line

I walked 12.2km in 1h52m46s

runkeeper — Apr 18th, 10:58 UTC
Merged pull request #793

github:derickr/mongo-php-driver — Apr 18th, 10:47 UTC
Move test case that doesn't touch server to BSON\toPHP()

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
Tweaks to test cases

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
Abandon strtok_r() in favour of a hand rolled algorithm

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
Hint to the compiler that map_element_matches_field_path() should be …

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
Rename free_elements to owns_elements, as that is more descriptive

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
Use correct size in reallocs

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
s/allocated/allocated_size

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
PHPC-1154: Fix memory leak with typemaps and MongoDB\BSON\toPHP

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
PHPC-1154: Implement wild card syntax for typemap field paths

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
PHPC-314: Parse fieldPaths element of the typemap into a tree

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
PHPC-314: Record whether we're dealing with a document or an array fo…

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
PHPC-314: Read fieldPaths elements and check for correct map types

github:derickr/mongo-php-driver — Apr 18th, 10:02 UTC
Merge branch 'v1.4'

github:derickr/mongo-php-driver — Apr 17th, 14:36 UTC
Merge pull request #808

github:derickr/mongo-php-driver — Apr 17th, 14:36 UTC
Do not re-execute BulkWrite in WriteResult::getServer() test

github:derickr/mongo-php-driver — Apr 17th, 14:35 UTC
Merge pull request #804

github:derickr/mongo-php-driver — Apr 17th, 13:36 UTC
BSONElement::chk() in MongoDB 2.6 doesn't like Timestamp and UTCDateT…

github:derickr/mongo-php-driver — Apr 17th, 13:35 UTC
PHPC-1159: Test on specific server versions in Travis CI

github:derickr/mongo-php-driver — Apr 17th, 13:35 UTC