Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[security-alerts] phpBB <= 2.0.17 "signature_bbcode_uid" Remote Command Execution Exploit



http://isc.sans.org/diary.php?date=2005-12-25
phpBB <= 2.0.17 exploit code in the wild
Published: 2005-12-25
Last Updated: 2005-12-25 00:45:05 UTC by Kevin Liston (Version: 1)

It's an early holiday gift for phpBB admins all over the world.  Exploit
code affecting phpBB version 2.0.17 and previous has been made public.
The targeted vulnerability was announced on Halloween, and updates have
been available since then.

I predict we'll be seeing profile.php probes appear in your web logs
right along with the awstats and xml-rpc attacks that you've been
getting.

http://www.frsirt.com/exploits/20051224.r57phpbb2017.pl.php

Advisory ID : FrSIRT/ADV-2005-2250
Rated as : High Risk 
Note : This vulnerability is currently being exploited in the wild
