From: Charles Miller (cmiller securityevaluators.com)
Date: Fri Jul 06 2007 - 10:56:47 CDT
Have you guys seen the public auction site selling 0-days:
http://www.wslabi.com/wabisabilabi/initPublishedBid.do?
It's probably not a good idea to give out so much information about
the vulnerabilities. The Squirrelmail GPG Plugin one says it's a
command injection vulnerability. Shouldn't be too hard to rediscover
that. Looking at it for 10 minutes, it looks like the exec in
gpg_sign_attachment() where shell meta characters are in
$passphrase. I'm too lazy to install it and check. I guess I could
pay 1750 euros and find out! The MKPortal one looks pretty easy to
find too.
It's nice for someone to point these bugs out so we can go look for them!
Probably not the smartest way to run the site...
Charlie