Full Disclosure mailing list archives
Re: XSS Vulnerabilities at Sun, IBM, Verisign, AOL,
From: bugtraq () cgisecurity net
Date: Mon, 14 Aug 2006 16:13:10 -0400 (EDT)
Instead of emailing every single site you find an XSS in, can you just send a weekly summary instead so as not to fill up our mailboxes to the point of not caring about what you found?

-z
http://www.cgisecurity.com/ Website Security news, and More
http://www.cgisecurity.com/index.rss [RSS Feed]
> Why don't the world's leading security companies take care of their security?
>
> I've published some XSS vulnerabilities in my blog and forwarded them to full-disclosure. But it seems like leading security companies don't even think of fixing these bugs. Cisco, Microsoft, Symantec, NSA, F-Secure, AOL, Sun, IBM, eEye still have vulnerabilities in their web sites. Is there any chance to protect ourselves from this threat? How can we trust these companies if their web sites may allow hackers to compromise our computers and get access to our bank accounts?
>
> Demonstration exploit of XSS vulnerability at Verisign is available at http://www.securitylab.ru/verisign.php
>
> Other vulnerabilities can be found at http://www.securitylab.ru/blog/tecklord/?category=19
>
> Have a nice day,
> Valery
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- XSS Vulnerabilities at Sun, IBM, Verisign, AOL, F-Secure, eEye Valery Marchuk (Aug 14)
- Re: XSS Vulnerabilities at Sun, IBM, Verisign, AOL, bugtraq (Aug 14)