Open-AudIT
https://www.open-audit.org/phpBB3/

[Full-disclosure] GVI 2010-02 Multiple vulnerabilities in O
https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3746
Page 1 of 1

Author:  sideone [ Tue Aug 03, 2010 12:29 am ]
Post subject:  [Full-disclosure] GVI 2010-02 Multiple vulnerabilities in O

Hey all-

I have just rolled out OA throughout my domain. I have compared the product against a few alternatives, and found OA to suit my needs perfectly. I have a couple issues where some systems do not report everyday(through logon/single system), but as i do not need *extremely* timely information, it is not a worry. The OA product is excellent! I Can't wait for the next version!

Anyhow, during my implementation, i had researched some of the vulns for the project and found some cross site scripting issues.

[url]http://www.gardienvirtuel.ca/wp-content/uploads/2010/05/GVI-2010-02-EN.txt
[/url]

I was wondering if the project has already been patched to fix the issues or if the code was being rewritten for v2?

thanks,

sideone.

Author:  Mark [ Sun Oct 03, 2010 3:51 pm ]
Post subject:  Re: [Full-disclosure] GVI 2010-02 Multiple vulnerabilities in O

This vuln does not exist in OAv2.

As far as a cross site scripting vuln, as Open-AudIT is NOT designed to be deployed on the Internet, I consider this quite insignificant. Again - Open-AudIT is NOT designed to be exposed to the Internet.
I am not working on code for Open-AudIT anymore, however some of the other Developers are. They may have integrated this patch, I'm not sure.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/