| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060131024740.GA7790@tifaware.com> Date: Tue Jan 31 02:48:02 2006 From: theall at tifaware.com (George A. Theall) Subject: ashnews Cross-Site Scripting Vulnerability On Tue, Jan 31, 2006 at 12:50:05AM +0000, Dan B UK wrote: > Did you even look at the source code for this script. If you had then > you would see that in the case of register_global's being turned on > there is a bigger issue to worry about; Remote/Local File Inclusion - > Server side. Is this different from what Phil Dunn reported 2.5 years ago? http://www.securityfocus.com/archive/1/329910 George -- theall@...aware.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060130/856ccda8/attachment.bin
Powered by blists - more mailing lists