Best practice is PCI compliance.
Duh.
On Tue, Apr 29, 2014 at 5:21 PM, Jeffrey Walton wrote:
> On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield
> wrote:
> > http://blog.aol.com/2014/04/28/aol-security-update/
> >
> Ouch... Have any details of the "encryption" been analyzed or
> discussed? It
On 2014-04-29 05:13, Illwill wrote:
What circumstance would a WordPress admin not usually have this kind of access
anyhow?
Although it's rarely used, WordPress does have the capability to support
multiple levels of administrators, in which case one may have access to
an already installed plu
On Tue, Apr 29, 2014 at 11:30 AM, Daniel Hadfield wrote:
> http://blog.aol.com/2014/04/28/aol-security-update/
>
Ouch... Have any details of the "encryption" been analyzed or
discussed? It's always interesting to see what a company considers
"best practice".
Jeff
AOL's investigation is still und
On Tue, Apr 29, 2014 at 1:26 AM, wrote:
> Thus, in this case, the development of such a malicious client is not out of
> their security model and it is an actual design flaw.
I'm no fan of Telegram, but this is silly.
Can you point to any security software that can survive the "client is
duped i
Hi,
I'm afraid I have a few questions and some criticism. My responses inline:
On Tue, Apr 29, 2014 at 10:26 AM, wrote:
> Hello,
>
> Thanks for your response.
>
> Telegram actually promotes the development of unofficial apps by providing
> a free API which allows anyone to interact with their s
What circumstance would a WordPress admin not usually have this kind of access
anyhow?
Why the delay in discovery until reporting?
On April 29, 2014 6:32:01 AM EDT, dxw Security wrote:
>Details
>
>Software: File Gallery
>Version: 1.7.7,1.7.9
>Homepage: http://wordpress.org/plugins/
Vendor: http://quickbase.intuit.com
Intuit QuickBase sells itself as a combination database and business
intelligence tool. Its performance is terrible; however, that doesn't stop
some businesses from using it as the back-end for their apps.
A fun fact that they don't advertise is that they limit
http://blog.aol.com/2014/04/28/aol-security-update/
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Details
Software: File Gallery
Version: 1.7.7,1.7.9
Homepage: http://wordpress.org/plugins/file-gallery/
Advisory ID: dxw-1970-638
CVE: CVE-2014-2558
CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P)
Description
Arbitrary code execution by admins in File Gallery 1.7.7
V
Hello,
Thanks for your response.
Telegram actually promotes the development of unofficial apps by providing
a free API which allows anyone to interact with their services, and easily
develop and distribute an unofficial client. Moreover, they do not provide
any mechanism at all to verify the auth
10 matches