Penetration Testing mailing list archives

Re: Full Disclosure of Security Vulnerabilities


From: "Brian Toovey" <admin () vulntrac com>
Date: Wed, 31 Oct 2007 17:18:41 -0400

Sell it on that auction site :)

-- 
Brian Toovey
admin () vulntrac com
http://vulntrac.com


On 10/31/07, jfvanmeter () comcast net <jfvanmeter () comcast net> wrote:

 Hello Everyone, I would like to get your thoughts on Full Disclosure of Security Vulnerabilities. About 3 weeks 
ago during a pen-test of a software suite for a client of mine, I found a directory traversal in a software suite 
that my client has installed on thousands of workstations.

I sent screen shots and a packet capture to the vendor and they were able to recreate the exploit.

My client doesn't want to go public with it because of the thousands of workstations and servers that it's installed 
on. I also don't believe the vendor will go public with it. What would you all do?

Best Regards --John

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


