[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL, F-Secure, eEye

To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL, F-Secure, eEye
From: "Valery Marchuk" <tecklord@xxxxxxxxxxxxx>
Date: Mon, 14 Aug 2006 22:36:02 +0300

Why world's leading security companies don't take care of their security? 

I`ve published some of XSS vulnerabilities in my blog and forwarded them to 
full-disclosure. But it seems like leading security companies don`t even think 
of fixing these bugs. Cisco, Microsoft, Symantec, NSA, F-Secure, AOL, Sun, IBM, 
eEye still have vulnerabilities in their web sites. Is there any chance to 
protect ourselves from this threat? How can we trust these companies, if their 
web sites may allow hackers to compromise our computers and get access to our 
bank accounts?



Demostration exploit of XSS vulnerability at Verisign is availabe at 
http://www.securitylab.ru/verisign.php



Other vulnerabilities cat be found at 
http://www.securitylab.ru/blog/tecklord/?category=19



Have a nice day,

Valery

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL,
  - From: bugtraq

Prev by Date: Re: [Full-disclosure] what can be done with botnet C&C's? (fwd)
Next by Date: Re: [Full-disclosure] what can be done with botnet C&C's? (fwd)
Previous by thread: [Full-disclosure] [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow
Next by thread: Re: [Full-disclosure] XSS Vulnerabilities at Sun, IBM, Verisign, AOL,
Index(es):
- Date
- Thread