Re: [Full-disclosure] Millions of PDF invisibly embedded with your internal disk paths

2009-11-23 Thread Inferno
. E.g. query filetype:pdf file c documents and settings (htm OR html OR mhtml) without quotes. Cheers, Inferno -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Juha-Matti Laurio Sent: Sunday, November 22, 2009 2

[Full-disclosure] Millions of PDF invisibly embedded with your internal disk paths

2009-11-22 Thread Inferno
/rdf:li 19./rdf:Alt Share: Thanks and Regards, Inferno Security Researcher SecureThoughts.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http
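The two messages above describe HTML-to-PDF conversion copying the source file's local path (for example under C:\Documents and Settings\) into the PDF's XMP metadata (the rdf:li / rdf:Alt fragment), and the reply suggests a search-engine query to find such documents. As an added example that is not Inferno's code or any file from the thread, the Python scanner below checks a PDF you already have for the same leak: it looks for drive-letter, UNC and file:// paths in the XMP packet, the /Info dictionary and inside inflated FlateDecode streams, and pulls out the Windows profile names those paths expose. The sample PDF, its paths and usernames are constructed for the demonstration.

```python
"""Scan a PDF for leaked local file-system paths (XMP, /Info, compressed streams)."""
import re
import zlib
from urllib.parse import unquote

# --- Constructed sample (not a real document from the thread) -------------
# A minimal PDF whose XMP packet carries the originating HTML file's path the
# way an HTML-to-PDF converter might record it, plus an /Info /Title holding a
# second path and a FlateDecode stream hiding a third one.
XMP = (
    b'<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>\n'
    b'<x:xmpmeta xmlns:x="adobe:ns:meta/">\n'
    b' <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\n'
    b'  <rdf:Description rdf:about="" xmlns:dc="http://purl.org/dc/elements/1.1/">\n'
    b'   <dc:title><rdf:Alt><rdf:li xml:lang="x-default">'
    b'file:///C:/Documents%20and%20Settings/jdoe/My%20Documents/q3-forecast.html'
    b'</rdf:li></rdf:Alt></dc:title>\n'
    b'  </rdf:Description>\n'
    b' </rdf:RDF>\n'
    b'</x:xmpmeta>\n'
    b'<?xpacket end="w"?>'
)
HIDDEN = zlib.compress(b"Source: C:\\Users\\asmith\\Downloads\\invoice.mhtml")

SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 4 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n",
    b"4 0 obj << /Type /Metadata /Subtype /XML /Length " + str(len(XMP)).encode() + b" >>\n",
    b"stream\n" + XMP + b"\nendstream\nendobj\n",
    rb"5 0 obj << /Title (C:\Documents and Settings\jdoe\Desktop\draft.htm) /Producer (constructed) >> endobj" + b"\n",
    b"6 0 obj << /Filter /FlateDecode /Length " + str(len(HIDDEN)).encode() + b" >>\n",
    b"stream\n" + HIDDEN + b"\nendstream\nendobj\n",
    b"trailer << /Root 1 0 R /Info 5 0 R >>\n%%EOF\n",
])

# Drive letter (C:\ or C:/), UNC share (\\host\...) or file:/// URI, ending in a
# source-document extension. The lookbehind stops "http://" from matching as "p:/".
PATH_RE = re.compile(
    rb"(?<![A-Za-z])(?:file:///)?"
    rb"(?:[A-Za-z]:[\\/]|\\\\[^\\/\s<>()\"]+[\\/])"
    rb"[^\r\n<>()\"]*?"
    rb"\.(?:x?html?|mhtml?|shtml|txt|docx?|xlsx?|pptx?|rtf)\b",
    re.IGNORECASE,
)
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
USER_RE = re.compile(r"(?:Documents and Settings|Users)[\\/]([^\\/]+)", re.IGNORECASE)


def _expand_streams(data: bytes) -> bytes:
    """Append the inflated body of every stream that zlib can decode, so a path
    sitting in a compressed object is scanned as well as the raw bytes."""
    inflated = []
    for m in STREAM_RE.finditer(data):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed (like the XMP packet) or another filter
    return data + b"\n" + b"\n".join(inflated)


def find_leaked_paths(pdf_bytes: bytes) -> list:
    """Every local path found in the PDF, percent-decoded, de-duplicated, sorted."""
    found = {unquote(m.group(0).decode("latin-1"))
             for m in PATH_RE.finditer(_expand_streams(pdf_bytes))}
    return sorted(found)


def leaked_usernames(paths) -> set:
    """Windows profile names exposed by the paths (the piece an attacker pairs
    with the organisation name for phishing or password guessing)."""
    return {m.group(1) for p in paths for m in USER_RE.finditer(p)}


if __name__ == "__main__":
    paths = find_leaked_paths(SAMPLE_PDF)
    for p in paths:
        print("leaked path:", p)
    print("usernames:", sorted(leaked_usernames(paths)))
```

Run it against your own exported PDFs before publishing them; a hit in the XMP packet will not show in a viewer's page rendering, which is why the thread calls the paths invisible. The regex deliberately requires a document extension so that the `file:///` and `X:` patterns do not fire on ordinary URLs or PDF name objects; widen the alternation if your converter records other source types.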

[Full-disclosure] Using Blended Browser Threats involving Chrome to steal files on your computer

2009-11-05 Thread Inferno
} - Release Date : November 05, 2009 - Severity : Medium - Discovered by : Inferno = I. TITLE - Using Blended Browser Threats involving Chrome to steal files on your computer II. VULNERABLE - Chrome

[Full-disclosure] Hijacking Opera's Native Page using malicious RSS payloads

2009-10-28 Thread Inferno
without user consent. http://securethoughts.com/security/rssatomxss/opera10exploit2.atom (Tested on Opera 10.00 Stable Build 1750) (Image) Thanks and Regards, Inferno Security Researcher SecureThoughts.com

[Full-disclosure] Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more

2009-09-16 Thread Inferno
ss-reader-with-script-execution-and-more/ = SECURETHOUGHTS.COM ADVISORY - CVE-ID: CVE-2009- (Chrome) {Pending} - Release Date : September 15, 2009 - Severity : Medium to High - Discovered by : Inferno

Re: [Full-disclosure] Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more

2009-09-16 Thread Inferno
and Regards, Inferno Security Researcher SecureThoughts.com -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Michal Zalewski Sent: Wednesday, September 16, 2009 12:07 AM To: Inferno Cc: full-disclosure

[Full-disclosure] Pwning Opera Unite with Inferno's Eleven

2009-09-01 Thread Inferno
-eleven/ Thanks and Regards, Inferno Security Researcher SecureThoughts.com

[Full-disclosure] Bypassing OWASP ESAPI XSS Protection inside Javascript

2009-08-20 Thread Inferno
Bypassing OWASP ESAPI XSS Protection inside Javascript -- By Inferno (inferno {at} securethoughts {dot} com) Everyone knows the invaluable XSS cheat sheet maintained by RSnake. It is all about breaking things and features all the scenarios

[Full-disclosure] Hijacking Safari 4 Top Sites with Phish Bombs

2009-08-11 Thread Inferno
= SECURETHOUGHTS.COM ADVISORY - CVE-ID: CVE-2009-2196 - Release Date : August 11, 2009 - Discovered by : Inferno = I. TITLE - Hijacking Safari 4 Top Sites with Phish Bombs II