Leader, WASC Web Hacking Incidents Database Project
WHID 2007-71: Hacker uses Social Security numbers from Ohio court site
======================================================================
Reported: 22 December 2007, Occurred: 22 December 2007
Classifications:
* Attack Method: Credential/Session Prediction
* Country: USA
28 October 2010: Informed Vendor that multiple pages are still
vulnerable
03 November 2010: Acknowledgement / Update requested
03 November 2010: Update received. No fixes initiated.
23 November 2010: Informed vendor disclosure date set to 1/12/2010
22 December 2010: Update requested.
22 December 2010: Vendor asks to release information as the
vulnerabilities are already known
23 December 2010: A different contact at the Vendor location informs
that there are no updates.
24 December 2010: Disclosure date set to 5 December 2010
> Leader, WASC Web Hacking Incidents Database Project
>
>
> WHID 2007-71: Hacker uses Social Security numbers from Ohio court site
> ======================================================================
> Reported: 22 December 2007, Occurred: 22 December 2007
>
> Classifications:
>
> * Attack Method: Credential/Session Prediction
> * Country: USA
Timeline
-------------------------
17 December 2007 -- Vendor Contacted
19 December 2007 -- Vendor Replied
22 December 2007 -- New Release
22 December 2007 -- Advisory Released
What is TikiWiki
------------------------
Tikiwiki (Tiki) is your Groupware/CMS (Content Management System) solution. Tiki has the features you need:
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Version:1 (rev.1) - 22 December 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
action: install DBARCH631_hotfix35 if running HP Database Archiving Software v6.31
END AFFECTED VERSIONS (for HP-UX)
HISTORY
Version:1 (rev.1) - 22 December 2011 Initial release
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Just free of SafeSEH restrictions themselves (the flags are slightly
different too).
-HD
On Saturday 22 December 2007, Dude VanWinkle wrote:
> Do ATL.dll and friends equate to the SEH version of XPSP2's
> starforce.dll (where you can turn off DEP by invoking it), meaning
> does calling them cancel out all SafeSEH security, or are they just
> free from the SafeSEH restrictions by themselves?
>