From owner-freebsd-security Sat Oct 6 18:10: 9 2001 Delivered-To: freebsd-security@freebsd.org Received: from sv07e.atm-tzs.kmjeuro.com (sv07e.atm-tzs.kmjeuro.com [193.81.94.207]) by hub.freebsd.org (Postfix) with ESMTP id EF4AE37B403 for ; Sat, 6 Oct 2001 18:10:04 -0700 (PDT) Received: (from root@localhost) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) id f971A2u57537 for freebsd-security@freebsd.org; Sun, 7 Oct 2001 03:10:02 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Received: from karl (ba20bc0f5a4546876e4e36ad40a60e1d@adsl.ooe.kmjeuro.com [193.154.186.21]) (authenticated) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) with ESMTP id f9719vV57403 for ; Sun, 7 Oct 2001 03:09:57 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Message-ID: <02da01c14ecd$4610e8a0$0a05a8c0@ooe.kmjeuro.com> From: "Karl M. Joch" To: Subject: PHPNuke exploit Date: Sun, 7 Oct 2001 03:13:22 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X--virus-scanner: scanned for Virus and dangerous attachments on sv07e.atm-tzs.kmjeuro.com (System Setup/Maintainance: http://www.ctseuro.com/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org For all running PHPNuke. There is a exploit in admin.php which allows copying/uploading files. there are 2 articles on www.freebsd.at. karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message