Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F4BABAC.1060206@aliantsoft.pl>
Date: Mon, 27 Feb 2012 17:13:32 +0100
From: Mateusz Goik <mateusz.goik@...antsoft.pl>
To: RafaƂ Malinowski
 <rafal.przemyslaw.malinowski@...il.com>
CC: oss-security@...ts.openwall.com, 
 "Steven M. Christey" <coley@...us.mitre.org>,
 Mariusz Fik <fisiu@...nsuse.org>, 
 Radoslaw Lisowski <radoslaw.lisowski@...il.com>,
 kontakt@...antsoft.pl
Subject: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing
 contact's status and sms messages in history

Sorry. Tested on kadu 0.11.0..

Mateusz Goik.

On 02/27/2012 05:11 PM, Mateusz Goik wrote:
> Hi,
>
> I would add it is possible - read / create files on users hdd. (using
> the method - GET / PUT)
> Tested on Backtrack 5 r1 (kadu 0.10.0 - compiled from source).
>
> Mateusz Goik

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.