Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: eTicket version 1.5.5 XSS Attack Vulnerability

from [sf] Network Security [Permanent Link]
Subject: Re: eTicket version 1.5.5 XSS Attack Vulnerability
Date: 29 Jun 2007 09:56:41 -0000 
The severity of this bug is inaccurate.

Considering this bug is simply XSS, and only available when register_globals is 
On I would consider this "Very Low".

Ultimately eTicket is not designed to work with register_globals On, please 
turn it off. It is set to off in php.ini by default.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  SQL Injection In Script VBZooM V1.12, RaeD
Next by Date:  Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users), Airscanner Corp.
Previous by Thread:  eTicket version 1.5.5 XSS Attack Vulnerability, securityresearch
Next by Thread:  XEForum Cookie Modification Privilege Escalation Vulnerability, Firewall1954
Indexes:  [Date] [Thread] [Top] [All Lists]