In-Reply-To: <NGEHLEPKOGIHAIJAMDPKEEOBCIAA.bugtraq@xxxxxxxxxxxx> If you read the changelog you would have noticed this was fixed over a month ago. http://layer1.cpanel.net/ChangeLog.cgi?output=html Laziness is no excuse for not reporting vulnerabilities to a vendor first. If you can sign up to bugtraq to report an old, already fixed hole, then creating a bugzilla login surely can't be too much trouble. You can simply email security@xxxxxxxxxx with information as well. As a vendor we take legitimate security concerns very seriously and usually have a fix released within a few hours of notification, it's a shame some people don't try to take advantage of this effort.
