Archive for the ‘Vulnerability Disclosure’ Category

Originally published around 2007, the vulnerability pertaining to removing the questiontype field on the “My Account” page has finally been patched. I guess account security isn’t something IJJI cares about all that much. Advertisements

Product: Gunz server daemon (a.k.a. MDaemon), rev 5 (Release date 13.06.2007); Class: Remote DoS/Buffer Overflow vulnerability Product Details: The released Gunz server files, originating from the Gunz subsidiary, Brazil Gunz, are considered the most commonly used server files for Gunz private servers everywhere. Disclosure Details: By sending a specific byte series, a remote Denial of […]

Product: IJJI Homepage Class: Web-verification error Product Details: The IJJI content-management system requires a username, a password, and a “secret answer” (An answer to a specific question you select at registration) to modify any valuable account details (Name, address, phone number, password, e-mail, etc). The page can be reached by clicking the My Account page […]