|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Privacy hole in Go Express Search
Subject: Privacy hole in Go Express Search
From: Alfred Huger (ah
SECURITYFOCUS.COM)
Date: Mon Dec 13 1999 - 16:51:54 CST
- Next message: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
- Previous message: Aleph One: "Security Vulnerability in VVOS TGP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
---------- Forwarded message ----------
Date: 13 Dec 1999 03:23:39 -0000
From: roxensecurityfocus.com
To: suggestionssecurityfocus.com
Subject: Link Suggestion
Link Name: Privacy hole in Go Express Search
Link URL: http://www.mobileunit.org/advisories/001/
Description:
Disney's Go Express Search operates an http server at port 1234 without authentication. Remote users can submit search
queries, and view queries and personal links left by other users. It's possible to access the configuration interface, which can
reveal the e-mail address of the user who registered it. Configuration settings can be changed remotely to, for instance, add,
remove or alter personal links.
- Next message: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
- Previous message: Aleph One: "Security Vulnerability in VVOS TGP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Tue Dec 14 1999 - 11:33:07 CST