Re: RE: TimeTrex Time and Attendance Cookie Theft

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: RE: TimeTrex Time and Attendance Cookie Theft
From: hi@xxxxxx
Date: 22 Aug 2008 18:53:29 -0000

Even if it did work, the user would have to submit the form with the username or password fields containing the exploit code rather then enter their own information.

Pretty unlikely to pull off.

Regardless I talked to the developers and any potential issue will be fixed in v2.2.13 which is scheduled to be released before August 25th 2008.

Prev by Date: [oCERT-2008-008] multiple heap overflows in xine-lib
Next by Date: [SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service
Previous by thread: Re: TimeTrex Time and Attendance Cookie Theft
Next by thread: PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux