On Fri, Mar 01, 2013 at 11:50:00PM +0200, MustLive wrote:
> I'm resending my letter from February 23, 2013 (since FD was not working
> that day).
>
> After my previous list of vulnerable software with ZeroClipboard.swf, here
> is a list of software with ZeroClipboard10.swf. These are Cross-Site
> Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django
> and aCMS.
>
> Earlier I wrote about Cross-Site Scripting vulnerabilities in
> ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103). I wrote
> that this is a very widespread flash file and it's placed at tens of thousands
> of web sites. And it's used in hundreds of web applications. Among them are
> em-shorty, RepRapCalculator, Fulcrum (CMS), Django and aCMS. And there are
> many other vulnerable web applications with ZeroClipboard10.swf (some of
> them also contain ZeroClipboard.swf).

So did you report this vulnerability to those projects? Even to security@ or a
similar address? I noticed this vulnerability from WordPress plugins. Did you
report those? Did you ask for CVE identifiers?

--
Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
