| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <39579.66.192.0.71.1051122614.squirrel@web.axisamerica.com> Date: Wed, 23 Apr 2003 14:30:14 -0400 (EDT) From: "badpack3t" <badpack3t@...urity-protocols.com> To: <ts@...urityoffice.net> Cc: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>, <vulnwatch@...nwatch.org>, <badpack3t@...urity-protocols.com>, <che@...unia.com>, <auto40951@...hmail.com> Subject: [VulnDiscuss] Re: Xeneo Webserver Vulnerability Tamer, You may want to correct yourself. You discovered http://target/% on an OLD (Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.) version. I found a different bug in there latest version (which was 2.2.9.0. at the time) by requesting a GET / with 4096 ?'s. Now how would this be the same as you released? Care to explain? --------------------------- -badpack3t www.security-protocols.com --------------------------- > Hi Folks, > > I contributed the vulnurability about Xeneo Webserver, mentioned below, > to iDefense on 4th, November 2002. All rights on this vulnurability > belongs to me and iDefense. > > Craps, > http://lists.netsys.com/pipermail/full-disclosure/2003-April/009371.html > http://lists.netsys.com/pipermail/full-disclosure/2003-April/009386.html > > My Advisories at iDefense, > http://www.idefense.com/advisory/11.04.02b.txt > > Please, without searching well, do not publish these kind of advisories. > > Cheers, > > Tamer Sahin > http://www.securityoffice.net
Powered by blists - more mailing lists