BugTraq
Remote Command Execution in dotDefender Site Management Nov 30 2009 03:48PM
John Dos (dotdefeater googlemail com) (2 replies)
Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management Dec 01 2009 05:00PM
Andrew Farmer (andfarm gmail com)
On 30 Nov 2009, at 07:48, John Dos wrote:
> After passing the Basic Auth login you can create/delete applications.

If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?
