Bugtraq: Privacy hole in Go Express Search

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Privacy hole in Go Express Search

From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Mon, 13 Dec 1999 14:51:54 -0800

---------- Forwarded message ----------
Date: 13 Dec 1999 03:23:39 -0000
From: roxen () securityfocus com
To: suggestions () securityfocus com
Subject: Link Suggestion

Link Name:      Privacy hole in Go Express Search

Link URL:       http://www.mobileunit.org/advisories/001/

Description:

Disney's Go Express Search operates an http server at port 1234 without authentication. Remote users can submit search
queries, and view queries and personal links left by other users. It's possible to access the configuration interface, 
which can
reveal the e-mail address of the user who registered it. Configuration settings can be changed remotely to, for 
instance, add,
remove or alter personal links.

By Date By Thread

Current thread:

Big problem on 2.0.x? Eduardo Cruz (Dec 09)
- Re: Big problem on 2.0.x? Hugo.van.der.Kooij () CAIW NL (Dec 10)
- Re: Big problem on 2.0.x? Mike Ireton (Dec 10)
- <Possible follow-ups>
- Re: Big problem on 2.0.x? Stephen White (Dec 11)
  - Privacy hole in Go Express Search Alfred Huger (Dec 13)
  - Re: Big problem on 2.0.x? Jason Mills (Dec 13)
    - [patch] Re: Big problem on 2.0.x? Andrea Arcangeli (Dec 14)
  - Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 13)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Malartre (Dec 14)
    - Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability Ussr Labs (Dec 14)