22 Dec
2004
22 Dec
'04
2:13 p.m.
Cory Nelson wrote:
On Wed, 22 Dec 2004 15:36:48 +0300, Vladimir Prus <ghost@cs.msu.su> wrote:
Joaqu?n M? L?pez Mu?oz wrote:
Please take a look at
http://boost.sourceforge.net/regression-logs/
???
Looks related to this:
http://it.slashdot.org/article.pl?sid=04/12/21/2135235&from=rss
Though: 1. Boost does not use phpBB, AFAICT. 2. I'm not sure if it used PHP at all.
Sourceforge hosts multiple sites - it only takes one of them having a vulnerable phpBB to give access to all the others. This is a big problem :/
Granting write access to httpd isn't a good idea.