PUBLIC MARKS from bacon with tags maior & inclusion

February 2007

December 2006

XOOPS local file inclusion vulnerabilities, update XOOPS 2.0.15 or higher

Secunia advisory: SA20176. Release date: 2006-05-22. Last update: 2006-05-25. Critical: moderately critical. Impact: exposure of sensitive information, system access. Where: from remote. Solution status: vendor patch. Software: XOOPS 2.x. CVE reference: CVE-2006-2516 (Secunia mirror).

Description: rgod has reported two vulnerabilities in XOOPS, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system. Input passed to the "xoopsconfig" array parameter when the "xoopsoption[nocommon]" parameter is defined isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources. Examples: http://[host]/misc.php?xoopsoption[nocommon]=1&xoopsconfig[language]=[file]%00 http://[host]/index.php?xoopsoption[nocommon]=1&xoopsconfig
