Posts Tagged ‘include file’

PHPList Include File Vulnerability

Last Updated on Wednesday, 4 February 2009 01:25 Written by Arvand Sabetian Wednesday, 4 February 2009 01:22

Per http://isc.sans.org/diary.html?storyid=5794:

PHPList is an open-source newsletter manager. It is written in php. On January 29th 2009 they posted a software update. “[The update] fixes a local file include vulnerability.This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access“.

They also included a one-line workaround if you could not patch fast enough.

UPDATE: An exploit against this vulnerability was published and used in the wild on Jan 14th 2009, 2 weeks before the patch was issued.

Learn More
Tags: , , , ,   |  Posted under cPanel/Linux Hosting, PHPList, Security/Vulnerability  |  No Comments

Search

Authors

Recent Comments

Tags

1.8 7 7.1 add admincp arvixe ASP bucket change clip ClipBucket CMS cPanel/Linux Hosting create database dolphin dot dotnetpanel elgg email error how how to install mojoPortal net New nopcommerce panel php phpFox security setup set up site softaculous tips to TomatoCart use video web website websitepanel WordPress
Web Hosting

Linux Hosting
ASP .NET Hosting
Business Hosting
Reseller Hosting
E-Commerce Hosting
Dedicated Servers

Acceptable Use Policy
Terms of Service
Privacy Policy

Affiliate Program
Site Map

 Blog Hosting

WordPress Hosting
ExpressionEngine Hosting
Movable Type Hosting
Habari Hosting
Textpattern Hosting


CMS Hosting

Joomla Hosting
Drupal Hosting
MODX Hosting
Concrete5 Hosting
Xoops Hosting
 Shopping Cart Hosting

nopCommerce Hosting
OpenCart Hosting
Magento Hosting
osCommerce Hosting
Tomato Cart Hosting


Video Sharing Software Hosting

ClipBucket Hosting
ClipShare Hosting
osTube Hosting
vShare Hosting
MediaXXX Hosting
 Forum Hosting

XenForo Hosting
vBulletin Hosting
MyBB Hosting
phpBB Hosting
Simple Machines Hosting


Social Network and Community Website Hosting

SocialEngine Hosting
Elgg Hosting
SkaDate Hosting
Dolphin Hosting
phpfox Hosting
Copyright © 2003-2013 Arvixe, LLC. All trademarks are property of their legal owner.