17 点作者 gopher将近 17 年前

6 条评论

there将近 17 年前

oh no, a lame xss bug in a 3rd party cgi script that runs on a solaris web server hosting a website that uses no cookies. surely this is big news!

shadytrees将近 17 年前

You have achieved the difficult task of making CVS less usable.

dguido将近 17 年前

This was posted on full-disclosure August 6th.<p><a href="http://seclists.org/fulldisclosure/2008/Aug/0074.html" rel="nofollow">http://seclists.org/fulldisclosure/2008/Aug/0074.html</a>

gstar将近 17 年前

I cant decide if that's classy or cheeky.<p>But regardless, I dont know if a bug in cvsweb counts as openbsd - does it?

评论 #282859 未加载

stassats将近 17 年前

Is that a hole? Is that a default install?

评论 #282739 未加载

tptacek将近 17 年前

OH NOEZ! U G0TZ MY CVSWEB COOKEEZ!

Only two remote holes in the default install, in more than 10 years

6 条评论

Only two remote holes in the default install, in more than 10 years

6 条评论