Month: April 2005

  • Disclosure: bBlog 0.7.4 Multiple Vulnerabilities

    [This was originally disclosed on the SourceForge bug tracker. VulnDB 15754, 15755, & 15756] In 0.7.4: The blog entry title field seems prone to cross-site scripting (XSS) attacks. The blog/comment body text seems prone to XSS as well. In the index.php script, the postid variable seems prone to SQL injection attacks.

  • Predicting Vulnerabilities, Quotes and More

    [This was originally published on the OSVDB blog.] Interesting article for several reasons. Below are some of the interesting quotes that stood out to me and may prove to be interesting topics. Hackers exploit Windows patches. By Mark Ward. Last Updated: Thursday, 26 February, 2004, 10:54 GMT. “We have never had vulnerabilities exploited before the patch…

  • Days of Risk

    [This was originally published on the OSVDB blog.] The last few months have seen a lot more talk about the “Days of Risk”. In short, vendors like Microsoft say the days of risk are the time between vulnerability information (or an exploit) being released and a system being patched. So if a new vulnerability is…