Bugtraq: Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting

From: Stefano Zanero <s.zanero () securenetwork it>
Date: Fri, 09 Jan 2009 11:09:34 +0100

Dear all,

just in order to give complete information, after being contacted by the
vendor (thanks !) we can confirm the following version information:

Systems affected: Plunet BusinessManager 4.1


Therefore, the vendor recommended fix is as follows:

*** FIX INFORMATION ***


Upgrade Plunet BusinessManager to the latest available version, and in
any case to a version >=4.2

Our advisory has been updated to reflect this new information:
http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt

For the records, what apparently happened is that our first advisory was
correctly received and immediately acted upon by the vendor, but we
never received an acknowledgment and fix information afterwards for some
communication mishap. Our later contact attempts did not apparently
reach the appropriate person(s) inside the company.

We thank the vendor for working with us on this.

Best regards,
Stefano Zanero

By Date By Thread

Current thread:

Plunet BusinessManager failure in access controls and multiple stored cross site scripting Matteo Ignaccolo (Jan 07)
- Re: Plunet BusinessManager failure in access controls and multiple stored cross site scripting Stefano Zanero (Jan 09)
- <Possible follow-ups>
- Plunet BusinessManager failure in access controls and multiple stored cross site scripting Matteo Ignaccolo (Jan 07)