Slashdot Mirror


PHP Vulnerabilities Announced

Simone Klassen writes "The Hardened-PHP Project has announced several serious and, according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular web applications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now."

15 of 387 comments

  1. No comment? by jardin · · Score: 3, Funny

    They must be all busy upgrading :)

    1. Re:No comment? by stevesliva · · Score: 5, Funny

      No, all the sysadmins are on holiday vacation. Come on folks, announcing security vulnerabilities on a Friday in December? That's just plain mean.

      --
      Who do you get to be an expert to tell you something's not obvious? The least insightful person you can find? -J Roberts
  2. Kewl by mordors9 · · Score: 3, Funny

    I can't wait for someone to release a script that I can use to show what a leet haxor I am.

    1. Re:Kewl by Anonymous Coward · · Score: 0, Funny

      They already have, you've just got to figure out how to exploit it using the announcement.

  3. I've said it before, and I'll say it again by Neil+Blender · · Score: 2, Funny

    PHP: 10 million newbies can't be wrong.

    1. Re:I've said it before, and I'll say it again by snoyberg · · Score: 3, Funny

      You're absolutely correct! I'll go convert all my scripts to ASP and avoid all of PHP's security holes by running on Microsoft software.

      --
      Thank God for evolution.
    2. Re:I've said it before, and I'll say it again by cosinezero · · Score: 2, Funny

      But scripting languages are what applications are made of! Right?

    3. Re:I've said it before, and I'll say it again by Anonymous Coward · · Score: 5, Funny

      I assume you dislike PHP. What would you recommend instead?

      A language that is a little more practical for extracting and reporting.

      NB

    4. Re:I've said it before, and I'll say it again by flatface · · Score: 2, Funny
    5. Re:I've said it before, and I'll say it again by Anonymous Coward · · Score: 1, Funny

      Umm...by using Microsoft software you would avoid all of PHP's security holes.

    6. Re:I've said it before, and I'll say it again by Anonymous Coward · · Score: 1, Funny
      A language that is a little more practical for extracting and reporting.


      Ahh.. python.. a great choice!
  4. Why are these things always announced on Friday? by kd3bj · · Score: 2, Funny

    Why can't it be Monday? I mean, do the people that make these announcements think we _like_ working weekends?

  5. If by Alioth · · Score: 2, Funny

    If PGP stands for Pretty Good Privacy, does PHP stand for Pretty Hopeless Privacy?

  6. Re:This proves once and for all by fitten · · Score: 2, Funny

    # in a perfect world this would increase my karma
    $karma++;


    No... that would be "in a Perlfect world..."

  7. pwn3d by Anonymous Coward · · Score: 1, Funny

    PHP sux0rs
    ASP r0x0rs.