Month: April 2005

  • Disclosure: bBlog 0.7.4 Multiple Vulnerabilities

    [This was originally disclosed on the SourceForge bug tracker. VulnDB 15754, 15755, & 15756] In 0.7.4: The blog entry title field seems prone to cross-site scripting (XSS) attacks. The blog/comment body text seems prone to XSS as well. In the index.php script, the postid variable seems prone to SQL injection attacks.

  • Predicting Vulnerabilities, Quotes and More

    [This was originally published on the OSVDB blog.] Interesting article for several reasons. Below are some of the interesting quotes that stood out to me and may prove to be interesting topics. http://news.bbc.co.uk/1/hi/technology/3485972.stm Hackers exploit Windows patches. By Mark Ward. Last Updated: Thursday, 26 February, 2004, 10:54 GMT. “We have never had vulnerabilities exploited before the patch…

  • Days of Risk

    [This was originally published on the OSVDB blog.] The last few months have seen a lot more talk about the “Days of Risk”. In short, vendors like Microsoft say the days of risk are the time between vulnerability information (or an exploit) being released and a system being patched. So if a new vulnerability is…