There was an error! Your code was not submited.<br><br><div class="gmail_quote">On Wed, Nov 23, 2011 at 12:11 PM, Press - Dognædis <span dir="ltr">&lt;<a href="mailto:press@dognaedis.com">press@dognaedis.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Dear FullDisclosure,<br>
<br>
CodeV is a static code analysis tool (currently for PHP only, but soon<br>
to be developed to other languages) developed by Dognaedis<br>
(<a href="https://www.dognaedis.com/" target="_blank">https://www.dognaedis.com/</a>) to offer a tool to integrate in the<br>
development of the life cycle of software in order to detect<br>
vulnerabilities that arise from bad input validations as soon as they<br>
hit the code. The tool has a public demo version that is limited to a<br>
script with 250 lines of code and is available at<br>
<a href="https://codev.dognaedis.com/" target="_blank">https://codev.dognaedis.com/</a>.<br>
<br>
We analyzed some Open Source software to test our own tool and<br>
discovered 31 new vulnerabilities in 5 different open source software packages.<br>
Following responsible disclosures of discovered vulnerabilities<br>
throughout CodeV's Open Source Software analysis, we are here reporting<br>
all the vulnerabilities discovered as soon as possible to the community,<br>
offering security not only to our clients but to the entire public. All<br>
the vulnerabilities brought to public previously followed the necessary<br>
disclosure protocol to the responsible teams. The vulnerabilities<br>
discovered can be found in <a href="https://www.dognaedis.com/vulns/" target="_blank">https://www.dognaedis.com/vulns/</a>.<br>
<br>
Thank you for your time and we hope you enjoy CodeV.<br>
<br>
--<br>
Press - Dognaedis<br>
Dognædis, Coimbra - Portugal<br>
<a href="http://www.dognaedis.com" target="_blank">http://www.dognaedis.com</a><br>
<br>
<br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Ferenc Kovács<br>@Tyr43l - <a href="http://tyrael.hu" target="_blank">http://tyrael.hu</a><br>