* Privacy Protection
* Cryptography
* Legal and Ethical Issues
EC2ND 2010 specifically encourages submissions presenting work at an
early stage with the intention to act as a discussion forum for
innovative security research. While our goal is to solicit ideas
that are not completely worked out, and might have challenging and
interesting open questions, we expect submissions to be supported by
some evidence of feasibility or preliminary quantitative results.
-------------------------
WP-Forum <= 2.3 SQL Injection & Blind SQL Injection vulnerabilities
II. BACKGROUND
-------------------------
WP-Forum is a discussion forum plugin for WordPress. It works with
WordPress version 2+ and PHP >= 5.0.
III. DESCRIPTION
-------------------------
WP-Forum fails to sanitize user-supplied input and is vulnerable to
conference will draw participants from academia and industry in Europe
and beyond to discuss hot topics in applied network and systems
security.
EC2ND invites submissions presenting novel ideas at an early stage with
the intention to act as a discussion forum and feedback channel for
promising, innovative security research. While our goal is to solicit
ideas that are not completely worked out, and might have challenging and
interesting open questions, we expect submissions to be supported by
some evidence of feasibility or preliminary quantitative results.
__________________________
A R I A - S E C U R I T Y
_________________________
Message Board / Threaded Discussion Forum SQL INJECTION
Vendor: http://www.codewidgets.com
http://target.com/PATH/sign_in.aspx
Username: admin
##########################################################
Description:
Vanilla is an open-source, standards-compliant, multi-lingual,
fully extensible web based discussion forum. Unfortunately there
are a couple of issues within Vanilla that allow for a malicious
user to steal client based credentials such as cookies. These
issues include both script injection and cross site scripting.
An updated version of Vanilla has been released and users should
upgrade their Vanilla installation as soon as possible.
academia and industry within Europe and beyond to discuss current topics in
applied network and systems security.
EC2ND 2008 invites submissions presenting novel ideas at an early stage with
the intention to act as a discussion forum and feedback channel for
promising, innovative security research. While our goal is to solicit ideas
that are not completely worked out, and might have challenging and
interesting open questions, we expect submissions to be supported by some
evidence of feasibility or preliminary quantitative results.
eoCMS SQL injection vulnerability
1. General information
eoCMS is open-source software used to develop Internet
forums (http://eocms.com/). On October 15, 2009, Bkis Security detected a
SQL injection vulnerability in some functions of eoCMS.
This is a critical vulnerability which allows a hacker to access the data
in the database and execute unauthorized tasks. Bkis has informed the
software developer team, and they have patched the vulnerability in the