Date: Tue, 1 Dec 2009 09:00:57 -0800
From: Andrew Farmer <andfarm@...il.com>
To: John Dos <dotdefeater@...glemail.com>
Cc: bugtraq <bugtraq@...urityfocus.com>
Subject: Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management

On 30 Nov 2009, at 07:48, John Dos wrote:
> After passing the Basic Auth login you can create/delete applications.

If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?