oss-sec mailing list archives
Re: Re: CVE request: Joomla Google Maps Plugin
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 27 Feb 2015 11:44:45 +0100
On Thu, 26 Feb 2015 14:43:19 -0500 (EST) cve-assign () mitre org wrote:
Finally, the researcher disclosed one new finding in 2014 in the http://seclists.org/fulldisclosure/2014/Feb/53 post. This new finding is a variant of CVE-2013-7428, but applies specifically to the case where the attacker controls a subdomain of the victim's domain name. Use CVE-2014-9686. The researcher gives an apparently realistic example in which the attacker controls site.wordpress.com and the attack target is the wordpress.com web site.
Now this is interesting because these issues seem to be unfixed. Anyone knows anything? I'll try to get in contact with the upstream developer about this. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE request: Joomla Google Maps Plugin Hanno Böck (Feb 26)
- Re: CVE request: Joomla Google Maps Plugin cve-assign (Feb 26)
- Re: Re: CVE request: Joomla Google Maps Plugin Hanno Böck (Feb 27)
- Re: CVE request: Joomla Google Maps Plugin cve-assign (Feb 26)