| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jun 2011 11:04:46 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: jacqui.caren@...world.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities > Did you really test a code base that is a version of an old Joomla base No > or did you look at the code, and test old Joomla bugs against it? No The XSS results are from purely blackbox scan on Mambo 4.6.5. Joomla (Joomla! 1.0.0) was released on September 16, 2005. It was a re-branded release of Mambo 4.5.2.3 which, itself, was combined with other bug and moderate-level security fixes. >>From that statement, it can be assumed that the code bases of Mambo 4.5.2.4 and higher are different from those of Joomla! 1.1 and higher. As you can say so, we may sync old Joomla! 1.x bugs in Mambo 4.6.x. But it may be time-consuming to analyze the code changes and validity of bugs in each version of both CMS. https://secure.wikimedia.org/wikipedia/en/wiki/Joomla http://www.joomla.org/announcements/general-news/154-introducing-joomla-10.html > I thought these were found in Joomla ages ago? > No. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists