News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PEAR Blog:
Net_Traceroute and Net_Ping security advisory
November 16, 2009 @ 07:56:43

An advisory has been issued on the PEAR blog about two packages - Net_Traceroute and Net_Ping - that could expose your site to a security issue, a remote arbitrary command injection.

Net_Ping is an OS independent wrapper class for executing ping calls from PHP. Net_Traceroute is an OS independent wrapper class for executing traceroute calls from PHP. When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections.

You can use filtering as a workaround until your packages are updated on your server. You can upgrade to the latest packages here: Net_Ping, Net_Traceroute.

0 comments voice your opinion now!
pear package security vulnerability nettraceroute netping


blog comments powered by Disqus

Similar Posts

Firman Wandayandi\'s Blog: The First Stable of Math_Numerical_RootFinding is Out!

Sebastian Bergmann's Blog: Integrating PHPUnit with Selenium

Pierre-Alain Joye's Blog: Finally some new features are coming, zip-1.9.0 serie began

Symfony Blog: symfony 1.0.5 released (security fix)

Ken Guest's Blog: A response to "Better Postal/Zip Code Validation Method for CakePHP 1.2"


Community Events

Don't see your event here?
Let us know!


introduction series laravel project part2 application community interview symfony yii2 opinion example podcast list api language php7 composer framework configure

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework