[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: eTicket version 1.5.5 XSS Attack Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: eTicket version 1.5.5 XSS Attack Vulnerability
From: sf@xxxxxxxx
Date: 29 Jun 2007 09:56:41 -0000

The severity of this bug is inaccurate.

Considering this bug is simply XSS, and only available when register_globals is 
On I would consider this "Very Low".

Ultimately eTicket is not designed to work with register_globals On, please 
turn it off. It is set to off in php.ini by default.

Prev by Date: SQL Injection In Script VBZooM V1.12
Next by Date: Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users)
Previous by thread: eTicket version 1.5.5 XSS Attack Vulnerability
Next by thread: rPSA-2007-0136-1 httpd mod_ssl
Index(es):
- Date
- Thread