Full Disclosure mailing list archives
Re: Secret Vulns: Places of confusion
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Sun, 21 Nov 2004 04:36:52 +0100
Since we're sharing information: Sometimes ago I have examined the products of many software company's to see if it's possible to exploit vulnerabilities remotely. I have found a number of vulnerabilities in a number of software products. Vendors have (or will be) informed of my successful work. In most software products it is possible to: - overflow buffers. - exploit format string vulnerabilities. - exploit race conditions. - exploit logical errors. etc. etc. I will not reveal what software is affected and how until patches are available. I just wanted to tell you this so you know, so don't complain afterwards I didn't warn you. I _will_ answer questions but I can not guarantee the answer will be satisfactory. Cheers, SkyLined ----- Original Message ----- From: "gp" <girl () catholic org> To: <full-disclosure () lists netsys com> Sent: Saturday, November 20, 2004 21:11 Subject: [Full-disclosure] Secret Vulns: Places of confusion
hello list Sometimes ago I have examined the websites of many Government's if it's possible to put malicious code in their URLs. In November 2004 I inform some Deparments about my successful work. On most Sites it is possible to: - inject SQL - account hijacking - user exploitation - server manipulation - read complete dir ect. ect. In Arrangement with the Victims I will not reveal vulnerability or victim details until a fix became published. I will answer no questions! This is only for Your information! Credits: d.w., ms, [...] -- g@cat online <-> MM ---------- .//sometimes its better to know somewhat as all but at later times would be better to know nothing ----------------------------------------- This email was sent using FREE Catholic Online Webmail! http://webmail.catholic.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Secret Vulns: Places of confusion gp (Nov 20)
- Re: Secret Vulns: Places of confusion Michael Rutledge (Nov 20)
- Re: Secret Vulns: Places of confusion devis (Nov 21)
- Re: Secret Vulns: Places of confusion Berend-Jan Wever (Nov 21)
- Re: Secret Vulns: Places of confusion Robert Hogan (Nov 21)
- Re: Secret Vulns: Places of confusion Andrew Smith (Nov 21)
- Re: Secret Vulns: Places of confusion Michael Rutledge (Nov 20)