oss-sec mailing list archives
CVE request: Serendipity < 1.5 upload of files with *.php.* possible
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 21 Dec 2009 18:28:27 +0100
From 1.5 release notes: # Disallow uploading any files that contain ".php." in the filename for extra security with Apache MimeMagic-Modules See this comment also: http://blog.s9y.org/archives/211-Serendipity-1.5-released.html#c3064 (it's probably worth looking at other apps if they are vulnerable to this) -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Serendipity < 1.5 upload of files with *.php.* possible Hanno Böck (Dec 21)
- Re: CVE request: Serendipity < 1.5 upload of files with *.php.* possible Steven M. Christey (Dec 23)