[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] PHP html_decode_entity vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] PHP html_decode_entity vulnerability
From: Tõnu Samuel <tonu@xxxxxx>
Date: Wed, 29 Mar 2006 16:20:46 +0300

On Wednesday 29 March 2006 08:51, Tõnu Samuel wrote:

> Ok, this "critical" is my fault. Seeing memory dump of other user data

There is a one report of this exploit not working. This is vanilla PHP 5.1.2 
compiled from source code on Feb 27-th. 
 
        Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  - From: Tõnu Samuel
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  - From: Jasper Bryant-Greene
- Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
  - From: Tõnu Samuel

Prev by Date: [Full-disclosure] strip_tags() but not only vulnerability
Next by Date: RE: [Full-disclosure] Hello everyone
Previous by thread: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Next by thread: Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
Index(es):
- Date
- Thread