Re: [Full-disclosure] BF, CSRF, and IAA vulnerabilities in websecurity.com.ua

2013-01-01 Thread Benji
I was asking for your opinion. On Tue, Jan 1, 2013 at 7:31 PM, some one wrote: > If you reread what I posted you will see that I do not give my opinion on > the quality of his posts. I will keep that to myself, I just state that it's > better than dudes (and your) troll posts. > > Regards > On J

Re: [Full-disclosure] BF, CSRF, and IAA vulnerabilities in websecurity.com.ua

2013-01-01 Thread Benji
So you would say that you find the things he posts "of interest"? Please expand on how and why anti automation bugs in unknown CMSs are "of interest"? On Mon, Dec 31, 2012 at 11:58 PM, some one wrote: > If you do not like or find of interest what the guy posts is it not easier > to just press

Re: [Full-disclosure] BF, CSRF, and IAA vulnerabilities in websecurity.com.ua

2013-01-01 Thread some one
If you do not like or find of interest what the guy posts is it not easier to just press delete or filter him out rather than try to make fun of him? Give the dude a break man, he's submitting more things of interest than you are and you just make yourself sound bitter and twisted. It's new year ma

[Full-disclosure] CubeCart 5.x | Multiple Cross Site Scripting Vulnerabilities

2013-01-01 Thread YGN Ethical Hacker Group
1. OVERVIEW CubeCart 5.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store w

[Full-disclosure] CubeCart 5.x | Cross Site Request Forgery (CSRF) Vulnerability

2013-01-01 Thread YGN Ethical Hacker Group
1. OVERVIEW CubeCart 5.x versions are vulnerable to Cross Site Request Forgery (CSRF). 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful o

Re: [Full-disclosure] CubeCart 5.0.7 and lower versions | Insecure Backup File Handling

2013-01-01 Thread YGN Ethical Hacker Group
5.x only On Sat, Dec 29, 2012 at 11:02 AM, Sean Jenkins wrote: > Is it known if this exploit affects CubeCart versions 3.x and/or 4.x, or > just 5.0.[0..6]? > > Sean Jenkins > Sr. System Administrator > > > On 12/28/2012 8:13 AM, YGN Ethical Hacker Group wrote: >> >> 1. OVERVIEW >> >> CubeCart 5

[Full-disclosure] Charybdis: Improper assumptions in the server handshake code may lead to a remote crash. (CAPAB module)

2013-01-01 Thread Mustapha Rabiu
> > > > Access vector: network > Access complexity: low > Authentication requirement: none > > Confidentiality impact: none > Integrity impact: none > Availability impact: complete > > CVSSv2 temporal score: 6.4 > > Exploitability: functional exploit exists > Remediation level: official fix > Repor