![]() ![]() Tags: computer security, disclosure, hacking, vulnerabilities, web I don’t know yet if Website Pros prefers to pay lawyers to suppress information rather than pay developers to fix software vulnerabilities. Can someone do so and get back to me? And if it is a real problem, spread the word. I don’t use NOF9, and I haven’t tested this vulnerability. The only concession that they have made is to put a warning in the publishing dialog box telling the user to “Please make sure your profiles repository are stored in a secure area of your remote server.” Website Pros has refused to fix the hole. Every site using versioning in NOF9 is exposing their site. ![]() This means that anyone can edit a NOF9 site and get any usernames and passwords involved in it. Then, open Fusion and create a new site from the d/l’ed template. , where n is the number you got from rollback.xml. The vulnerability exists for any website published using versioning (that is, all sites using nPower). ![]() This one looks interesting.īeta testers have discovered a serious security flaw that exposes a site created using Net Objects Fusion 9 (NOF9) that has the potential to expose an entire site to hacking, including passwords and log in info for that site. I regularly get anonymous e-mail from people exposing software vulnerabilities. Possible Net Objects Fusion 9 Vulnerability
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |