Re: eTicket version 1.5.5 XSS Attack Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: eTicket version 1.5.5 XSS Attack Vulnerability
From: sf@xxxxxxxx
Date: 29 Jun 2007 09:56:41 -0000

The severity of this bug is inaccurate.

Considering this bug is simply XSS, and only available when register_globals is On I would consider this "Very Low".

Ultimately eTicket is not designed to work with register_globals On, please turn it off. It is set to off in php.ini by default.

Prev by Date: SQL Injection In Script VBZooM V1.12
Next by Date: Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users)
Previous by thread: eTicket version 1.5.5 XSS Attack Vulnerability
Next by thread: eTicket version 1.5.5 XSS Attack Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux