Two XSS vulnerabilities were disclosed for hlstats v1.35 on 19/5/2007 which are also functional for hlstatsx V1.01. So far there has not been any info on a patch/fix for this on their site. I'm sure this vulnerability you are mentioning was patched, but these two new ones aren't. I have personally verified their existence in the latest hlstatsx version. Again, proof of this can be provided off-list.

---
Regime
http://www.livebythegun.com/

Dan E wrote:
> http://www.hlstatsx.com/download/current
> "Fixed: Webpage Vulnerability."
>
> So this should no longer be an issue as long as you have the most up-to-date
> release, correct?
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of NaughtyGeek
> Sent: Sunday, May 20, 2007 5:48 PM
> To: [email protected]
> Subject: [Bulk] RE: [hlds] unwanted rcon from unknown
>
> There was a security flaw in HLStatsX in December. They issued an email to
> premium members stating that passwords were potentially compromised and
> suggested changing them. I have copied the email below.
>
> Dear Customer,
>
> We have been informed about an undocumented security related bug in one of
> our systems. It could have been possible that your rcon password could be
> retrieved.
> The problem has been fixed immediately.
>
> We strongly recommend, that you change your rcon password as soon as
> possible to avoid problems with your gameserver.
>
> We apologize for any inconveniences this may cause.
>
> Best regards
>
> The HLstatsX - Team

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds

