Martin Schulze <[EMAIL PROTECTED]> writes: > How can the diricons and config parameters be exploited? From a quick > glance I can't find an open associated with $DirIcons.
The diricons issue is a XSS vulnerability. It has nothing to do with the two other holes (which lead to arbitrary code execution) other than they all are a case of missing input sanitizing. Hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
