Re: [Full-disclosure] XSS vulnerability at Symantec.com #2

2006-08-04 Thread Pigrelax
>ok, but what do you want to do with a stolen session on symantec ? get
>free AV ?

Do you really know that it can be used only for a stolen session? XSS may be used for phishing, pharming, XSS proxy and others. Can we trust a security company which cannot protect your corporate Web site?

Re: [Full-disclosure] XSS at Netcraft.com

2006-08-02 Thread Pigrelax
>>Hi All!
>>
>>This time XSS vulnerability at Netcraft. Hope this company will act a bit
>>sooner than others.
>>
>>Example of vulnerability is as usual in my blog at
>>http://www.securitylab.ru/blog/tecklord/?category=19

Ironically, Netcraft provides security services and takes money fo

[Full-disclosure] news XSS on paypal.com

2006-07-23 Thread Pigrelax
Hi!

From Russia Security Site: http://www.securitylab.ru/news/270837.php

New working XSS on paypal.com: www.paypal.com/cgi-bin/webscr?cmd=p/gen/-->alert('www.securitylab.ru')

really works :)

___ Full-Disclosure - We believe in it. Charter: http://lists.

[Full-disclosure] [ADVISORY] - x Thu Mar 16 13:44:47 EST 2006 x - Integer Overflow in VMware

2006-03-16 Thread pigrelax
[ADVISORY] - x Thu Mar 16 13:44:47 EST 2006 x - Integer Overflow in VMware

8D~~ o/ 卍 DESCRIPTION 8D~~

VMware incorrectly parses integer data, and this can be used to execute arb