On Tue, Oct 02, 2012 at 07:16:11AM +0100, Scott Herbert wrote:
-
Affected products:
-
Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function: printPublishIconLink
--
Details:
--
[mailto:he...@nerv.fi]
Sent: 08 October 2012 15:42
To: Scott Herbert; secur...@zenphoto.org
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Cookie stealing and XSS vulnerable in Zenphoto version 1.4.3.2
On Tue, Oct 02, 2012 at 07:16:11AM +0100, Scott Herbert wrote
On Tue, Oct 02, 2012 at 07:16:11AM +0100, Scott Herbert wrote:
-
Affected products:
-
Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function: printPublishIconLink
--
Details:
--
Message-
From: Henri Salo [mailto:he...@nerv.fi]
Sent: 08 October 2012 15:42
To: Scott Herbert; secur...@zenphoto.org
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Cookie stealing and XSS vulnerable in Zenphoto version 1.4.3.2
On Tue, Oct 02, 2012 at 07:16:11AM +0100
-
Affected products:
-
Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function: printPublishIconLink
--
Details:
--
The file admin-news-articles.php calls the function
Why did you report this to UKCERT?
On Tue, Oct 2, 2012 at 7:16 AM, Scott Herbert
scott.a.herb...@googlemail.com wrote:
-
Affected products:
-
Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function:
At the time I thought this was the correct way to report things. I've
since stopped spamming them with every little hole I find.
I couldn't find a n00b's guide to reporting, so I'm making it up as I go
along. If there is a guide online somewhere I'd 1) love to read it and 2)
think it should be