exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Comments from todd

All Comments

This should be a good conference.

2018-09-05 16:20:56 UTC | Permalink

Updated per the notification from the vendor and the researcher to note the version as 0.2.3.

2014-09-03 21:13:50 UTC | Permalink

Thanks for the note butterback. Do you have a demo version of this software online? Are you using a minted nonce to mitigate CSRF?

Eyup - any response?

2013-08-28 02:17:39 UTC | Permalink

No luck eh?

2013-08-28 02:12:32 UTC | Permalink

Loses UNIX permissions? What does that mean exactly? What happens if the system is configured to allow PHP uploads, does the issue persist?

Any comment on the cross site request forgery issue? Thanks.

2013-08-28 02:11:30 UTC | Permalink

Sorry about that, it's been fixed.

2012-02-14 16:27:39 UTC | Permalink

Actually, I retested and this only works with Administrator rights (which is what your default account is) and using "at" is a known method to RunAs SYSTEM in this case. I've updated the description accordingly.

2011-06-14 13:07:50 UTC | Permalink

Worked for us earlier. Will re-verify later today and will re-comment.

2011-06-13 16:34:23 UTC | Permalink

Updated. Thanks for noting the change.

2011-05-27 22:21:16 UTC | Permalink

Updated it to note as such. Thanks for letting us know.

2011-03-03 01:21:14 UTC | Permalink

Actually, someone would have known about this. In particular, the person that sent us this information. Even once fixed, it is important that this information is conveyed to your users as they may not update if their vendor quietly fixes this without noting it as a security issue.

2011-02-26 06:51:58 UTC | Permalink

@valentin: we're looking into seeing what we can do about the comment thing.

As an aside, both secunia and exploit-db *have* posted this finding regarding openEngine.. :)



2010-11-23 17:56:18 UTC | Permalink

It's about time. I was getting tired of having to walk around the corner.

2010-11-19 02:08:02 UTC | Permalink

Thanks for the note. Unfortunately, we are not always able to verify everything that comes down the wires, though I have reached out to the secpod team to see if I can find out any additional information/proof regarding their claims.

2010-11-17 18:36:31 UTC | Permalink
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By