I know a lot of people on this list run the PHP app Gallery, so you might find this interesting:

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0
http://www.securityfocus.com/archive/1/373939

Here is a basic summary:

Synopsis
========
The Gallery image upload code contains a temporary file handling vulnerability which could lead to execution of arbitrary commands.

Vulnerable: < 1.4.4

Don't panic, you have to have a slightly unusual configuration to be really affected by this.

* the Attacker has upload rights to an album (either via EVERYBODY, or other rights)
* your Gallery temp directory is located inside the webroot. (Unusual, but not that out of the ordinary)
* URL wrappers are enabled
* Gallery is in debug/devMode or PHP is set to always display error messages

--
Jay Kline
http://www.slushpupie.com
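An added example, not part of the original message or of Gallery's own code: a small audit of the configuration conditions listed above that can be checked from the host. It assumes "URL wrappers" corresponds to PHP's `allow_url_fopen` and "display error messages" to `display_errors`; the paths, the sample php.ini text and the `gallery_debug` flag are constructed inputs, and upload rights are not checked.

```python
import os
import re

PHP_TRUE = {"1", "on", "true", "yes"}

# Constructed sample php.ini fragment, not taken from a real host.
SAMPLE_INI = """
; constructed sample
allow_url_fopen = On
display_errors = Off   ; production setting
"""

def ini_value(ini_text, key, default):
    """Return the lowercased value of a php.ini directive (last assignment wins)."""
    value = default
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"^([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1) == key:
            value = m.group(2).strip().strip("\"'").lower()
    return value

def is_inside(child, parent):
    """True if child resolves to parent or a path below it (symlinks resolved)."""
    child, parent = os.path.realpath(child), os.path.realpath(parent)
    # commonpath compares whole components, so /var/www/html-old is not
    # mistaken for a subdirectory of /var/www/html.
    return os.path.commonpath([child, parent]) == parent

def audit(ini_text, tmp_dir, webroot, gallery_debug):
    """Report which of the listed host-side conditions hold."""
    # Both directives default to enabled in PHP when unset.
    shown = ini_value(ini_text, "display_errors", "1")
    findings = {
        "tmp_in_webroot": is_inside(tmp_dir, webroot),
        "url_wrappers": ini_value(ini_text, "allow_url_fopen", "1") in PHP_TRUE,
        "errors_displayed": gallery_debug or shown in PHP_TRUE or shown == "stdout",
    }
    findings["all_met"] = all(findings.values())
    return findings

if __name__ == "__main__":
    result = audit(SAMPLE_INI, "/var/www/html/gallery/tmp", "/var/www/html", False)
    for name, met in result.items():
        print(f"{name}: {'yes' if met else 'no'}")
```

Moving the temp directory outside the webroot or turning off error display clears the corresponding finding; the message gives versions below 1.4.4 as vulnerable.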