Black Day to Kaspersky

Started by Frands, December 15, 2009, 09:41:05 PM

Frands

Hi :)

FYI:
Quote:
It is known by many that on February 7, 2009 I found a SQL Injection vulnerability in Kaspersky USA. When security sites and databases Kaspersky has been audited by an uber specialist, David Litchfield. But it seems that the story of vulnerabilities continues ... This time a parameter is vulnerable on a page in Malaysia and in Singapore. The vulnerability affects all databases in Southeast Asia.
Vulnerable parameter gives us full access to databases on the server. Databases that contain personal data and logging of user, administrator, activation codes for various licenses, order and shop details, etc. Compared to Symantec, even here the passwords are stored in encrypted form .. added to Kaspersky. Gloves, however, a HUGE mistake, is that the number of hits in the results page is not restricted, as in the page appear and up to 10,000 results for a single sql query. What makes it easy for a hacker who wants to steal, to save the data.

http://praetorianprefect.com/archives/2009/12/unu-gets-kaspersky-again/