Serendipity PHP Weblog System Remote Command Execution

Exploit for php platform in category web applications postProcess'', $quality, $type . "$filename"; //if we have windows server ifisset$ENV'OS' && eregi'window',$ENV'OS' $cmd = eregreplace'/','\',$cmd; //echo $cmd.""; $output = system$cmd; errorlog'NETPBM: '.$cmd; //errorlog$output; $this-command...

HTTP Response Splitting in Serendipity 0.7-beta4

SECURITY ADVISORY: HTTP Response Splitting in Serendipity 0.7-beta4 AUTHOR: Chaotic Evil chaoticevil $$$at$$$ spyring $$$dot$$$ com DATE: October 21st, 2004 PRODUCT: Serendipity 0.7-beta4 October 14th, 2004 Recommended release, most stable - www.s9y.org FROM THE VENDOR WEBSITE: Serendipity is a...