lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Sep 2014 03:56:52 -0300 From: Fernando Mercês <nandu88@...il.com> To: fulldisclosure@...lists.org Subject: Re: [FD] Fwd: Security Access It is funny they say "we secure your data" and use root/root as mysql credentials. :D Att, Fernando Mercês Linux Registered User #432779 www.mentebinaria.com.br ------------------------------------ "Ninguém pode ser escravo de sua identidade; quando surge uma possibilidade de mudança é preciso mudar". (Elliot Gould) On Fri, Sep 12, 2014 at 2:25 AM, Pedrov Jovovic <pedrov.jovovic@...il.com> wrote: > Hello This is my first post . > > Here are the details : > > Website : http://www.comguard.net/ - (Security Expoerts) > I already sent them 2 emails and i didn't get a reply. The Security bug is > really simple , i was able to get to this link > http://www.comguard.net/include/ which lists all the files in the server. > You can even download php files containing sensitive data including db > password. Let me know if you need any additional details > > Regards > > > ---------- Forwarded message ---------- > From: Fyodor <fyodor@...p.org> > Date: Fri, Sep 12, 2014 at 1:12 AM > Subject: Re: Security Access > To: Pedrov Jovovic <pedrov.jovovic@...il.com> > > > On Tue, Aug 19, 2014 at 9:36 PM, Pedrov Jovovic <pedrov.jovovic@...il.com> > wrote: > > > Hello , i found a security issue in www.comguard.net. I already send > them > > 2 email and would like to disclose the information through your website > is > > that ok? > > > > Yes, you can mail details to the fulldisclosure list. > > Cheers, > Fyodor > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists