[Dshield] Cross-site Scripting Vulnerability in Atrise EveryFind

John Sage jsage at finchhaven.com
Wed Oct 1 20:11:20 GMT 2003


Having been a participant in this list for a Long Time(tm), I ask a
question which, I suppose, one might say I should be able to already
answer, by virtue of my longstanding membership in this list...

On Wed, Oct 01, 2003 at 04:40:46PM +0100, Sintelli  wrote:
> Ezhilan of Sintelli has identified a Cross-Site Scripting Vulnerability
> in Atrise EveryFind 5.0.2.
> 
> Details of the vulnerability are provided here:
> http://www.sintelli.com/adv/sa-2003-01-everyfind.pdf
> 
> Users are advised to upgrade to EveryFind 5.0.3
> http://www.atrise.com/everyfind/version.html
> 
> Regards
> Sintelli
> 
> Week 39, 2003 Security Vulnerabilities
> http://www.sintelli.com/sinweek/week39-2003.pdf

When did the list charter expand to redundantly include cross-posting
of allegedy application vulverabilty reports, many of which seems to
double as advertising for the companies that have made these alleged
"discoveries".

I say "redundantly include" because there are several other lists
which deal exclusively with alleged app vulnerabilities, which has a
practical effect (for me at least..) that I am receiving these
cross-posted vulnerability reports three and four times over, not to
mention all of the cross-posted replies.

(Please note that I deleted all cross-post references, so that my reply
will stay within this list only).

Ever curious, I remain...


- John
-- 
"Warning: time of day goes back, taking countermeasures."
John Sage
InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this message is privileged communication. If you read it
even though you aren't supposed to, you're a poopy-head.




More information about the list mailing list