PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Wikimedia Foundation Seeks Senior Software Developer (San Francisco, CA)

Job Posting: RealPage, Inc. Seeks PHP Developer (Carrolton, Tx)

PHPMaster.com: Zend Job Queue

Rob Diana's Blog: Web And Scripting Programming Language Job Trends - August 2011

Job Posting: Options Consulting Solutions Seeks PHP Developer Team Lead (Toronto, Canada)

Job Posting: FireScope Seeks Experienced Web Application Developer/Manager (Dallas, TX)

Kevin Schroeder's Blog: Added (PHP 5.3) job queuing to my WordPress instance

Job Posting: Jacob Group (Recruiter) Seeks Director of Software Development (Lacrosse, WI)

Job Posting: Skillshare Seeks Senior Frontend Engineer (New York, NY)

Job Posting: SoftLayer Seeks Software Engineer - Interface Development (Dallas, Tx)

News Archive

Rafe Colburn's Blog: A list of engineering blogs

Site News: Popular Posts for the Week of 05.25.2012

PHPBuilder.com: Debugging Your Magento E-Commerce Applications in PHP

PHPMaster.com: 10 Tips for Better Coding

NetTuts.com: 3 Key Software Principles You Must Understand

Anthony Ferrara's Blog: Open Standards - The Better Way

Site News: Blast from the Past - One Year Ago in PHP

Paul Reinheimer's Blog: Sending Mail

Phil Sturgeon's Blog: Laravel is Awesome

Lineke Kerckhoffs-Willems' Blog: How to use the Symfony2 SonataAdminBundle

feed this:

Community News:
DreamStats "rootpath" File Inclusion Vulnerability Identified

by Chris Cornutt February 06, 2007 @ 11:37:00

As the International PHP Maagzine reports today there's been a file inclusion vulnerability found (from Secunia) in the DreamStats package:

Secunia's latest advisory points out a vulnerability in DreamStats, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to an input validation error in the "index.php" script that does not validate the "rootpath" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Those at risk are systems running versions 4.2 and prior and should update immediately. DreamStats is a package for displaying the statistics for Call of Duty related games on a website.

0 comments voice your opinion now!
dreamstats file inclusion vulnerability secunia dreamstats file inclusion vulnerability secunia

Community Events

Don't see your event here?
Let us know!

All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework