[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection

To: "Seth Fogie" <seth@xxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection
From: reepex <reepex@xxxxxxxxx>
Date: Tue, 23 Oct 2007 13:22:36 -0500

On 10/23/07, Seth Fogie <seth@xxxxxxxxxxxxxx> wrote:
>
> * Risk Level:*
> High - Spoofed log records / Injected JavaScript can lead to malware
> attacks
>
>
Risk level high and javascript do not belong together

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection
  - From: Seth Fogie

Prev by Date: [Full-disclosure] [ MDKSA-2007:202 ] - Updated Firefox packages fix multiple vulnerabilities
Next by Date: Re: [Full-disclosure] IRM Discover More Vulnerabilities in Cisco IOS
Previous by thread: [Full-disclosure] Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection
Next by thread: [Full-disclosure] [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
Index(es):
- Date
- Thread