They use buggy eval() in their XMLRPC code, which of course causes massive security problems, notably with RSS...

http://www.gulftech.org/?node=research&article_id=00088-07022005
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html

Florent

--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com fg@nuxeo.com

Florent Guillaume wrote:
They use buggy eval() in their XMLRPC code, which of course causes massive security problems, notably with RSS...
http://www.gulftech.org/?node=research&article_id=00088-07022005
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html
Florent

I sincerely hope we are better than they are.

S.

--
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
Web content management / collaborative portal / groupware / open source!