Since we're sharing information: Sometimes ago I have examined the products of many software company's to see if it's possible to exploit vulnerabilities remotely. I have found a number of vulnerabilities in a number of software products. Vendors have (or will be) informed of my successful work.
In most software products it is possible to: - overflow buffers. - exploit format string vulnerabilities. - exploit race conditions. - exploit logical errors. etc. etc. I will not reveal what software is affected and how until patches are available. I just wanted to tell you this so you know, so don't complain afterwards I didn't warn you. I _will_ answer questions but I can not guarantee the answer will be satisfactory. Cheers, SkyLined ----- Original Message ----- From: "gp" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 20, 2004 21:11 Subject: [Full-Disclosure] Secret Vulns: Places of confusion > hello list > > > Sometimes ago I have examined the websites of many > Government's if it's possible to put malicious code > in their URLs. In November 2004 I inform some > Deparments about my successful work. > > > On most Sites it is possible to: > - inject SQL > - account hijacking > - user exploitation > - server manipulation > - read complete dir > ect. ect. > > > In Arrangement with the Victims I will not reveal > vulnerability or victim details until a fix became > published. I will answer no questions! > This is only for Your information! > > > Credits: > d.w., ms, [...] > > > -- > [EMAIL PROTECTED] online <-> MM > ---------- > .//sometimes its better to know somewhat as all but at later times would > be better to know nothing > > > > > > ----------------------------------------- > This email was sent using FREE Catholic Online Webmail! > http://webmail.catholic.org/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
