<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV> </DIV>
<DIV style="FONT: 10pt arial">----- Original Message -----
<DIV style="BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A
title=p.tamilselvan@gmail.com href="mailto:p.tamilselvan@gmail.com">Tamil
Selvan</A> </DIV>
<DIV><B>To:</B> <A title=php-people@yahoogroups.co.in
href="mailto:php-people@yahoogroups.co.in">php-people@yahoogroups.co.in</A> ; <A
title=php-objects@yahoogroups.com
href="mailto:php-objects@yahoogroups.com">php-objects@yahoogroups.com</A> </DIV>
<DIV><B>Sent:</B> Thursday, September 01, 2005 5:45 AM</DIV>
<DIV><B>Subject:</B> [php-objects] PHP hit by another critical flaw.</DIV></DIV>
<DIV><BR></DIV><TT>Hi,<BR>An Article About PHP.<BR>Please read it.<BR>*A fresh
security flaw has surfaced in widespread Web service protocol PHP <BR>which
could allow attackers to take control of vulnerable servers.<BR><BR>The bug was
found in XML-RPC For PHP and PEAR XML_RPC as the result of a <BR>security audit
by the Hardened-PHP project. The group said it decided to <BR>carry out its own
audit after other flaws were disclosed in the two <BR>libraries earlier this
summer. <BR><BR><BR>The new bug takes advantage of a technique similar to the
earlier bugs, <BR>involving eval() statements, Hardened-PHP said. "To get rid of
this and <BR>future eval() injection vulnerabilities, the Hardened-PHP Project
has <BR>developed together with the maintainers of both libraries a fix that
<BR>completely eliminates the use of eval() from the library," the project said
<BR>in its advisory.<BR><BR>XML-based RPC (Remote Procedure Call) systems such
as XML-RPC are used with <BR>HTTP to power Web services, a simple and
increasingly popular way of <BR>providing services online. XML-RPC For PHP (also
called PHPXMLRPC) and PEAR <BR>XML_RPC implement XML-RPC for the PHP scripting
language.<BR><BR>The bug affects a large number of Web applications,
particularly PHP-based <BR>blogging, wiki and content management programs,
according to security <BR>experts. The PHPXMLRPC and PEAR XML_RPC libraries is
used in many popular <BR>Web applications such as PostNuke, Drupal, b2evolution
and TikiWiki.<BR><BR>Content-management systems and blogs are increasingly used
by large <BR>corporations as a way of interacting with customers and the public
- IBM <BR>even jumped into the enterprise blogging game recently.<BR><BR>Version
1.4.0 of PEAR XML_RPC fixes the problem, and is available from the <BR>PEAR
website.<BR><BR>PHPXMLRPC is fixed with version 1.2, available from the
PHPXMLRPC project <BR>site.<BR><BR>Software projects using the libraries have
issued their own updates fixing <BR>the problem; among these are the PHP
packages included with the Red Hat and <BR>Ubuntu Linux
distributions.<BR><BR>FrSIRT, the French Security Incident Response Team, gave
the flaw a <BR>"high-risk" rating and independent security firm Secunia said it
was "highly <BR>critical".*<BR>** <BR>*Tamil*<BR><BR></TT>
</BODY></HTML>