I CARE
On 3/4/07, Lolek of TK53 [EMAIL PROTECTED] wrote:
Hi,
On 3/2/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Author: Sebastian Bauer
Web: http://blog.gjl-network.net
Date: 01/12/07
Vuln. website: http://www.knorr.de
Vulnerability: SQL Injection (mainly login authentication bypass + any
other SQL inj.
possibility), XSS
Significance: Very Critical
On 3/2/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Significance: Very Critical
For who, the sauce-people? Not for me.
All problems found have been discussed with Unilever, the mother
company of Knorr and
have been fixed before the release of this document.
Sooo, why should anyone
The point why I rated those problems as high risk was that due to these
problems free access to all user data was possible.
And problems that will offer any kind of user data (including
unencrypted passwords) are a significant security risk from my point of
view (see the latest problems
I was also going to query the way vulnerabilities are rated on a
personal level here...
Significance: Double Plus Ungood
It's always nice to see problems being solved instead of just
targeted, while maintaining disclosure though, Sebastian.
Regards,
Joe.
On 02/03/07, Knud Erik Højgaard [EMAIL
Significance: Very Critical
I'm very pro-disclosure. I do see a point in disclosing flaws in software
or hardware we might use. I do see a point in reporting flaws in websites
we rely on (banks, online shops). Hey, there might even be a weak case for
shaming security vendors, IT companies, or