SecurityFocus

Pentestn ASP website with tinymce Aug 31 2010 04:30PM
Luana C. Rocha (luanac rocha gmail com) (2 replies)

Re: Pentestn ASP website with tinymce Sep 01 2010 12:27PM
Justin Klein Keane (justin madirish net)

Re: Pentestn ASP website with tinymce Sep 01 2010 09:03AM
Robin Wood (robin digininja org) (1 replies)

Re: Pentestn ASP website with tinymce Sep 01 2010 07:49PM
Shawn Barry (shawnb391 gmail com) (1 replies)

Can anyone tell me how to opt-out of this mailing list? I enjoy
reading some of these letters, but my inbox is useally flooded with
emails because I signed up for too many mailing lists...

On Sep 1, 2010, at 4:03 AM, Robin Wood <robin (at) digininja (dot) org [email concealed]> wrote:

> On 31 August 2010 17:30, Luana C. Rocha <luanac.rocha (at) gmail (dot) com [email concealed]>
> wrote:
>> Hi,
>>
>> The company whose i work for is in process evaluating a new website.
>> They are not concerned about security, but with how easy is to
>> update the
>> website content.
>> At this moment the developer that is winning this evaluating is
>> proposing to
>> use tinymce as a content manager.
>> I read about tinymce and I'm really concerned about our security.
>> Does anyone uses the tinymce? Can anyone point me a good way to
>> pentest this
>> site and how to enforce it's security just in case they insist to
>> use
>> tinymce?
>>
>
> Exploit DB is a good start:
>
> http://www.exploit-db.com/search/?action=search&filter_page=1&filter_des
cription=tinymce&filter_author=&filter_platform=0&filter_type=0&filter_p
ort=&filter_osvdb=&filter_cve=
>
> And Security Focus
>
> http://www.securityfocus.com/vulnerabilities
>
>> PS: please forgive-me the bad english, i'm learning yet.
>
> Its better than some of the native speakers!
>
> Robin
>
>> LCR
>>
>> ---
>> ---------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification
>> Review Board
>>
>> Prove to peers and potential employers without a doubt that you can
>> actually
>> do a proper penetration test. IACRB CPT and CEPT certs require a full
>> practical examination in order to become certified.
>> http://www.iacertification.org
>> ---
>> ---------------------------------------------------------------------
>>
>>
>
> ---
> ---------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification
> Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs
> require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ---
> ---------------------------------------------------------------------
>

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

[ reply ]

Re: Pentestn ASP website with tinymce Sep 03 2010 06:02PM
Erin Carroll (amoeba amoebazone com)