[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Vulnerabilities in NING networks

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Vulnerabilities in NING networks
From: GulfTech Security Research <security@xxxxxxxxxxxx>
Date: Tue, 31 Aug 2010 09:48:31 -0400

There are several security issues within the popular NING platform that 
can be combined to silently take control of user accounts, write self 
replicating malicious applications (malware), and more.

Attempts to contact NING in order to resolve these issues were unsuccessful.

Additional Details:
http://0x6a616d6573.blogspot.com/2010/08/ninga-please.html

Proof of Concept:
https://docs.google.com/leaf?id=0B5oxcQ53hliTZmEyYjg5NjEtMDRiOS00MTg1LWE0NjEtOGViOGZhMTYyMGZi&hl=en

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [USN-981-1] libwww-perl vulnerability
Next by Date: Re: [Full-disclosure] Expired certificate
Previous by thread: [Full-disclosure] [USN-981-1] libwww-perl vulnerability
Index(es):
- Date
- Thread