| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Aug 2013 17:41:41 +0300
From: Henri Salo <henri@...v.fi>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: XSS and CS vulnerabilities in aCMS
On Thu, Aug 01, 2013 at 04:11:31PM +0300, MustLive wrote:
> ------------
> Timeline:
> ------------
>
> 2013.03.04 - informed developers about part of the vulnerabilities.
> 2013.04.03 - informed developers about another part of the vulnerabilities.
> 2013.04.07 - informed developers about another part of the vulnerabilities.
> 2013.05.24 - announced at my site.
> 2013.05.25 - informed developers about another part of the vulnerabilities.
> 2013.05.26 - informed developers about another part of the
> vulnerabilities. In all cases the developers just ignored all
> messages via different e-mails and contact form.
> 2013.07.31 - disclosed at my site (http://websecurity.com.ua/6535/).
How did vendor ignore you in 2013.05.26 entry exactly?
---
Henri Salo
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists