Jeff, there's a description of it here:
http://security.e-matters.de/advisories/012002.html
At 10:35 AM 2/28/02 -0500, you wrote:
>Gregg,
>
>What was the vulnerability? I allow people to upload and download via
>PHP scripts on my web site, and probably should tighten up my security...
>
>-Jeff
>
>
>On Thu, 28 Feb 2002, Gregg Kemp wrote:
>
> > Hi all,
> >
> > I have temporarily disabled the ability to upload a file to the list's
> "upload" gallery. You can still view everything ok, but you just want be
> able to upload any new images for a while.
> >
> > I learned today of a bug in the scripting language I use for the
> uploads that makes the Pinhole Visions web site vulnerable to hackers
> through file uploads. There is a fix for this bug, but the fix will
> require some time to implement. I hope to have this fixed this weekend,
> if possible.
> >
> > Thanks,
> >
> > Gregg
> >
> > _______________________________________________
> > Post to the list as PLAIN TEXT only - no HTML
> > Pinhole-Discussion mailing list
> > Pinhole-Discussion@pinhole.com
> > unsubscribe or change your account at
> > http://www.pinholevisions.org/discussion/
> >
>
>
>_______________________________________________
>Post to the list as PLAIN TEXT only - no HTML
>Pinhole-Discussion mailing list
>Pinhole-Discussion@pinhole.com
>unsubscribe or change your account at
>http://www.pinholevisions.org/discussion/
_____________________________________________________
Pinhole Visions at http://www.pinholevisions.org
Worldwide Pinhole Photograhy Day at http://www.pinholeday.org
Received on Fri Mar 1 19:12:41 2002
This archive was generated by hypermail 2.1.8 : Mon 13 Dec 2004 - 23:18:43 PST