From: "Antti Kurenniemi" 

"Geo"  wrote in message news:428bea03{at}w3.nls.net...
>> > I'd like to point out that asp and probably asp.NET are way more
>> > secure than php could ever hope to be.
>>
>> I don't think that's really true. Think about it, both spew out HTML and
>> parse back the results
>
> I don't have to think about it, monitor the security lists for 2 weeks, it
> will be obvious.
>
> 2005-05-09: PHP Group Exif Module IFD Nesting Denial Of Service
> Vulnerability
> 2005-05-09: PHP Group Exif Module IFD Tag Integer Overflow Vulnerability
> 2005-05-09: PHP Group PHP Image File Format Remote Denial Of Service
> Vulnerability
> 2005-05-09: PHP cURL Open_Basedir Restriction Bypass Vulnerability
> 2005-05-09: PHP Group PHP Remote JPEG File Format Remote Denial Of Service
> Vulnerability
> 2005-04-28: PHP Multiple Local And Remote Vulnerabilities
> 2005-04-13: PHP Group PHP Multiple Unspecified Vulnerabilities
> 2005-04-06: PHP Strip_Tags() Function Bypass Vulnerability
>
> Heck just look at the dates.

Yay, some of those look bad. Easy enough to fix something like
Strip_Tags(), but JPEG file format would not be cool to have to fix by
myself. Where do you get this list? I'd like to check a few of these (I use
PHP here and there a little).


Antti Kurenniemi

--- BBBS/NT v4.01 Flag-5