Exploit DB 14615 / Bugtraq 42353, which concerns a file disclosure vuln in phpMUR, looks bogus to me. At least in phpMUR.2007.10.16, the current version, the affected file is a class file, and you can't reach any of the member functions by calling the script directly as the advisory claims. George -- theall at tenablesecurity.com