Via WebProNews, Metasploit
explains
how it discovered flaws in the Google Mini enterprise search appliance that
could be abused to do "cross-site scripting, file discovery, service enumeration
and arbitrary command execution." The flaw was reported to Google apparently
privately earlier this year in June, a patch issued August and news of the issue
released yesterday. Metasploit praised Google for responding immediately and
being helpful through the fix and testing process.
Google Mini Security Issue Patched
Via WebProNews, Metasploit explains how it discovered flaws in the Google Mini enterprise search appliance that could be abused to do "cross-site scripting, file discovery, service enumeration and arbitrary command execution." The flaw was reported to Google apparently privately earlier this year in June, a patch issued August and news of the issue released yesterday. […]