PHP Vulnerabilities Announced

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

PHP Vulnerabilities Announced 387

Posted by michael on Friday December 17, 2004 @01:20PM from the rated-o-for-overtime dept.

Simone Klassen writes "The Hardened-PHP Project has announced several serious and according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular webapplications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now."

This discussion has been archived. No new comments can be posted.

PHP Vulnerabilities Announced

Search 387 Comments Log In/Create an Account

Comments Filter:

No comment? (Score:3, Funny)

by jardin ( 778043 ) * writes: on Friday December 17, 2004 @01:21PM (#11117162)

They must be all busy upgrading :)

Share
twitter facebook
Kewl (Score:3, Funny)

by mordors9 ( 665662 ) writes: on Friday December 17, 2004 @01:23PM (#11117188)

I can't wait for someone to release a script that I can use to show what a leet haxor I am.

Share
twitter facebook
I've said it before, and I'll say it again (Score:2, Funny)

by Neil Blender ( 555885 ) writes: <neilblender@gmail.com> on Friday December 17, 2004 @01:23PM (#11117193)

PHP: 10 million newbies can't be wrong.

Share
twitter facebook
Re:I've said it before, and I'll say it again (Score:3, Funny)

by snoyberg ( 787126 ) writes: <snoyberg@users.s ... t minus caffeine> on Friday December 17, 2004 @01:31PM (#11117299) Homepage

You're absolutely correct! I'll go convert all my scripts to ASP and avoid all of PHP's security holes by running on Microsoft software.

Parent Share
twitter facebook
Re:I've said it before, and I'll say it again (Score:2, Funny)

by cosinezero ( 833532 ) writes: on Friday December 17, 2004 @01:33PM (#11117319)

But scripting languages are what applications are made of! Right?

Parent Share
twitter facebook
Re:I've said it before, and I'll say it again (Score:5, Funny)

by Anonymous Coward writes: on Friday December 17, 2004 @01:33PM (#11117325)

I assume you dislike PHP. What would you recommend instead?

A language that is a little more practical for extracting and reporting.

NB

Parent Share
twitter facebook
Re:I've said it before, and I'll say it again (Score:3, Funny)

by flatface ( 611167 ) * writes: on Friday December 17, 2004 @01:39PM (#11117400)

mod_bf [sourceforge.net]

Parent Share
twitter facebook
Re:No comment? (Score:5, Funny)

by stevesliva ( 648202 ) writes: on Friday December 17, 2004 @01:48PM (#11117520) Journal

No, all the sysadmins are on holiday vacation. Come on folks, announcing security vulnerabilities on a Friday in December? That's just plain mean.

Parent Share
twitter facebook
Re:Kewl (Score:0, Funny)

by Anonymous Coward writes: on Friday December 17, 2004 @01:50PM (#11117545)

They already have, you've just got to figure out how to exploit it using the announcement.

Parent Share
twitter facebook
Why are these things always announced on Friday? (Score:2, Funny)

by kd3bj ( 733314 ) writes: on Friday December 17, 2004 @01:52PM (#11117570) Homepage

Why can't it be Monday? I mean, do the people that make these announcements think we _like_ working weekends?

Share
twitter facebook
If (Score:2, Funny)

by Alioth ( 221270 ) writes: <no@spam> on Friday December 17, 2004 @02:01PM (#11117662) Journal

If PGP stands for Pretty Good Privacy, does PHP stand for Pretty Hopeless Privacy?

Share
twitter facebook
Re:This proves once an for all (Score:2, Funny)

by fitten ( 521191 ) writes: on Friday December 17, 2004 @02:04PM (#11117706)

# in a perfect world this would increse my karma
$karma++;

No... that would be "in a Perlfect world..."

Parent Share
twitter facebook
Re:I've said it before, and I'll say it again (Score:1, Funny)

by Anonymous Coward writes: on Friday December 17, 2004 @02:17PM (#11117897)

Umm...by using Microsoft software you would avoid all of PHP's security holes.

Parent Share
twitter facebook
Re:I've said it before, and I'll say it again (Score:1, Funny)

by Anonymous Coward writes: on Friday December 17, 2004 @03:28PM (#11118812)

A language that is a little more practical for extracting and reporting.

Ahh.. python.. a great choice!

Parent Share
twitter facebook
pwn3d (Score:1, Funny)

by Anonymous Coward writes: on Friday December 17, 2004 @03:32PM (#11118860)

PHP sux0rs
ASP r0x0rs.

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

PHP Vulnerabilities Announced 387

PHP Vulnerabilities Announced More Login

PHP Vulnerabilities Announced

No comment? (Score:3, Funny)

Kewl (Score:3, Funny)

I've said it before, and I'll say it again (Score:2, Funny)

Re:I've said it before, and I'll say it again (Score:3, Funny)

Re:I've said it before, and I'll say it again (Score:2, Funny)

Re:I've said it before, and I'll say it again (Score:5, Funny)

Re:I've said it before, and I'll say it again (Score:3, Funny)

Re:No comment? (Score:5, Funny)

Re:Kewl (Score:0, Funny)

Why are these things always announced on Friday? (Score:2, Funny)

If (Score:2, Funny)

Re:This proves once an for all (Score:2, Funny)

Re:I've said it before, and I'll say it again (Score:1, Funny)

Re:I've said it before, and I'll say it again (Score:1, Funny)

pwn3d (Score:1, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot