On 22 Dec 2015, at 1:16pm, Matthias-Christian Ott wrote:
> Some software uses the affected versions and it's a good idea they know
> that the software is affected. It's a matter of transparency.
But it doesn't say when the vulns are fixed so it's not useful to people
looking to fix their
On 2015-12-22 13:48, Richard Hipp wrote:
> I do not know where those vulnerability reports originated. They did
> not originate from me. For that matter, I was never consulted about
> them. None of them represent real vulnerabilities, in my assessment.
> All of the problems identified have been
Thanks Clemens for your inputs
We are using parametrized queries and don't have any user interface where
user can modify anything currently. It's almost a read-only application.
Ours is a file management application
But we will come up with some functionality where user will be able to
upload
Hi All,
We use SQLite 3.8.8.3 in our Windows 8.1 universal application.
We are also using SQLitePCL as a wrapper to work from C# layer.
Our application is free of any kind of SQL injection as we don't have any
input fields.
We see three vulnerabilities reported recently.
On 22 Dec 2015, at 7:02am, Saurav Sarkar wrote:
> But the queries will be always parametrized ones.
Exploits 1 and 2 are controlled by things which can't be parameterised.
I'm not 100% sure about the format string of a printf, but I can't think of a
way to parameterise it. So you would seem
On 12/22/15, Simon Slavin wrote:
>
> On 22 Dec 2015, at 7:02am, Saurav Sarkar wrote:
>
>> But the queries will be always parametrized ones.
>
> Exploits 1 and 2 are controlled by things which can't be parameterised.
>
> I'm not 100% sure about the format string of a printf, but I can't think of
Saurav Sarkar:
>Our application is free of any kind of SQL injection
Famous last words. :)
>as we don't have any input fields.
So where does your data come from?
Does your application have any interface that an attacker
could access?
How do you create your SQL statements?
Are you always using