Privacy hole in Go Express Search

From: Alfred Huger (ahat_private)
Date: Mon Dec 13 1999 - 14:51:54 PST

Next message: Aleph One: "Security Vulnerability in VVOS TGP"

Previous message: Iván Arce: "Re: ssh-1.2.27 exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Date: 13 Dec 1999 03:23:39 -0000
From: roxenat_private
To: suggestionsat_private
Subject: Link Suggestion

Link Name:	Privacy hole in Go Express Search

Link URL:	http://www.mobileunit.org/advisories/001/

Description:

Disney's Go Express Search operates an http server at port 1234 without authentication. Remote users can submit search
queries, and view queries and personal links left by other users. It's possible to access the configuration interface, which can
reveal the e-mail address of the user who registered it. Configuration settings can be changed remotely to, for instance, add,
remove or alter personal links.

Next message: Aleph One: "Security Vulnerability in VVOS TGP"
Previous message: Iván Arce: "Re: ssh-1.2.27 exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:20:43 PDT