Open-AudIT https://www.open-audit.org/phpBB3/ |
|
[Full-disclosure] GVI 2010-02 Multiple vulnerabilities in O https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3746 |
Page 1 of 1 |
Author: | sideone [ Tue Aug 03, 2010 12:29 am ] |
Post subject: | [Full-disclosure] GVI 2010-02 Multiple vulnerabilities in O |
Hey all- I have just rolled out OA throughout my domain. I have compared the product against a few alternatives, and found OA to suit my needs perfectly. I have a couple issues where some systems do not report everyday(through logon/single system), but as i do not need *extremely* timely information, it is not a worry. The OA product is excellent! I Can't wait for the next version! Anyhow, during my implementation, i had researched some of the vulns for the project and found some cross site scripting issues. [url]http://www.gardienvirtuel.ca/wp-content/uploads/2010/05/GVI-2010-02-EN.txt [/url] I was wondering if the project has already been patched to fix the issues or if the code was being rewritten for v2? thanks, sideone. |
Author: | Mark [ Sun Oct 03, 2010 3:51 pm ] |
Post subject: | Re: [Full-disclosure] GVI 2010-02 Multiple vulnerabilities in O |
This vuln does not exist in OAv2. As far as a cross site scripting vuln, as Open-AudIT is NOT designed to be deployed on the Internet, I consider this quite insignificant. Again - Open-AudIT is NOT designed to be exposed to the Internet. I am not working on code for Open-AudIT anymore, however some of the other Developers are. They may have integrated this patch, I'm not sure. |
Page 1 of 1 | All times are UTC + 10 hours |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |