lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 3 Nov 2009 10:50:21 +0100
From: Lostmon lords <lostmon@...il.com>
To: moderators@...db.org, bugs@...uritytracker.com,
	vuldb@...urityfocus.com, vuln@...unia.com,
	submissions@...ketstormsecurity.org, news@...uriteam.com,
	xforce@....net, Vuln@...irt.com, bugtraq@...urityfocus.com,
	lostmon@...glegroups.com
Subject: Fwd: {Lostmon´s Group} Re: Wowd search client multiple variable xss (solution)

hello
I receive today this response from word search engine developer
i test the new version of Wowd client ( 1.3.1 ) and this issue
http://lostmon.blogspot.com/2009/10/wowd-search-client-multiple-variable.html
is now solved.

Thnx for your time !!!


---------- Forwarded message ----------
From: Bill York <wmyork@...il.com>
Date: 2009/11/3
Subject: {Lostmon´s Group} Re: Wowd search client multiple variable xss
To: Lostmon´s Group <lostmon@...glegroups.com>



I am Bill York, VP of Engineering for Wowd. Thank you for bringing the
cross-site scripting vulnerability to our attention.

The bug created a "non-persistent" cross-site scripting security
vulnerability. We fixed this bug on our web site on October 28, the
day after
it was discovered, and have fixed it in version 1.3.1 of our local
client
application, which was released on Monday, November 2. The update has
been applied to almost all running instances of Wowd. To our
knowledge, no
exploit for this bug was actually attempted and none of our users were
affected. Please contact us at feedback@...d.com if you have any
questions.


--~--~---------~--~----~------------~-------~--~----~
Has recibido este mensaje porque estás suscrito a Grupo "Lostmon´s
Group" de Grupos de Google.
 Si quieres publicar en este grupo, envía un mensaje de correo
electrónico a lostmon@...glegroups.com
 Para anular la suscripción a este grupo, envía un mensaje a
lostmon+unsubscribe@...glegroups.com
 Para obtener más opciones, visita este grupo en
http://groups.google.com/group/lostmon?hl=es.

-~----------~----~----~----~------~----~------~--~---




-- 
atentamente:
Lostmon (lostmon@...il.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ