deV!L`z Clanportal - SQL Injection [061124a]

started searching 24 0:35 exploited 14:20 advisory finished 17:31 informed vendor that any user can get admin privileges 25 23:00 full disclosure to vendor 27 14:36 hotfix available on vendor website 12-01 10:00 full disclosure to the genera

deV!L`z Clanportal - Arbitrary File Upload [061124b]

sure to vendor 27 14:36 hotfix available on vendor website 12-01 10:45 full disclosure to the general public A B O U T T H E A U T H O R / =' Tim Weber, computer science student at the University of Mannheim, Germany, currently looking for an intern