// archives

Archive for December, 2004

PHP Vulnerabilities Announced

By marcus December 17, 2004 Post a comment

Just saw the announcement on Slashdot by the Hardened-PHP Project. The vulnerabilities include pack(), unpack(), safe_mode_exec_dir bypass in multithreaded PHP, realpath() and unserialize().

Did You Know?

From '96 to '99 I spent a lot of time on IRC (DALnet) under the name SysRequest. I wrote a little remover utility to clean up the DMsetup.exe worm, which turned into a bit of a contest with its creator who tried to make his code more polymorphic.