Bugtraq mailing list archives
Privacy hole in Go Express Search
From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Mon, 13 Dec 1999 14:51:54 -0800
---------- Forwarded message ---------- Date: 13 Dec 1999 03:23:39 -0000 From: roxen () securityfocus com To: suggestions () securityfocus com Subject: Link Suggestion Link Name: Privacy hole in Go Express Search Link URL: http://www.mobileunit.org/advisories/001/ Description: Disney's Go Express Search operates an http server at port 1234 without authentication. Remote users can submit search queries, and view queries and personal links left by other users. It's possible to access the configuration interface, which can reveal the e-mail address of the user who registered it. Configuration settings can be changed remotely to, for instance, add, remove or alter personal links.
Current thread:
- Big problem on 2.0.x? Eduardo Cruz (Dec 09)
- Re: Big problem on 2.0.x? Hugo.van.der.Kooij () CAIW NL (Dec 10)
- Re: Big problem on 2.0.x? Mike Ireton (Dec 10)
- <Possible follow-ups>
- Re: Big problem on 2.0.x? Stephen White (Dec 11)
- Privacy hole in Go Express Search Alfred Huger (Dec 13)
- Re: Big problem on 2.0.x? Jason Mills (Dec 13)
- [patch] Re: Big problem on 2.0.x? Andrea Arcangeli (Dec 14)
- Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 13)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Malartre (Dec 14)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 14)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Federico - Comnet S.A. (Dec 15)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70Vulnerability ussr secure (Dec 16)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Tim (Dec 15)
- Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 15)
- CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite Daemon sadmind Elias Levy (Dec 14)